adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5c0661f7-77a0-4ec9-bdcf-d447950d210f.json

662 lines
95 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5c0661f7-77a0-4ec9-bdcf-d447950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-05T10:18:18.000Z",
"modified": "2018-12-05T10:18:18.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5c0661f7-77a0-4ec9-bdcf-d447950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-05T10:18:18.000Z",
"modified": "2018-12-05T10:18:18.000Z",
"name": "MAR-10219351.r1.v2 (SamSam ransomware)",
"published": "2018-12-05T10:18:24Z",
"object_refs": [
"observed-data--9c22cd87-034c-4f13-b5b6-0b11ce921c19",
"mutex--9c22cd87-034c-4f13-b5b6-0b11ce921c19",
"x-misp-object--0b3ce6aa-7d13-4598-89df-292867dc711b",
"indicator--2e42e17e-129e-4a50-8b85-e25017e4a200",
"indicator--51613051-81c4-4d8f-b654-9128d8855103",
"observed-data--cf57100b-06e3-462b-baf1-71d4b0096983",
"file--cf57100b-06e3-462b-baf1-71d4b0096983",
"observed-data--bb019b83-bcaa-4353-bf2e-ea2425d398de",
"file--bb019b83-bcaa-4353-bf2e-ea2425d398de",
"indicator--8168c6de-3598-40b0-af61-205f042834f9",
"indicator--df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"x-misp-object--b9f6c4b6-1431-4e3d-915a-2dc447d81df0",
"x-misp-object--affa0461-629a-4426-bb76-4fa931bae09d",
"x-misp-object--a214b755-106e-4570-ac46-183981271166",
"x-misp-object--32245044-b56d-462f-923f-2aab9aec023a",
"x-misp-object--b0883323-1009-4304-b5b4-f6a365e3132a",
"x-misp-object--b7245318-b001-4969-a858-0bd38e20c62c",
"x-misp-object--9510431d-6748-44fb-be9d-08dfb6db091a",
"x-misp-object--1dd02ead-249e-41ed-a5c6-dd1ba5848048",
"relationship--f2416703-0993-4e28-a956-f0c80bf766d0",
"relationship--7e45859b-6189-4413-bb41-9d2383217c11",
"relationship--b26e345e-25e1-4099-9e9c-154695df9026"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"SamSam\"",
"misp-galaxy:ransomware=\"Samas-Samsam\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--9c22cd87-034c-4f13-b5b6-0b11ce921c19",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:07.000Z",
"modified": "2018-12-04T11:16:07.000Z",
"first_observed": "2018-12-04T11:16:07Z",
"last_observed": "2018-12-04T11:16:07Z",
"number_observed": 1,
"object_refs": [
"mutex--9c22cd87-034c-4f13-b5b6-0b11ce921c19"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--9c22cd87-034c-4f13-b5b6-0b11ce921c19",
"name": "Global\\\u00e5\u2020\u00b0\u00c7\u00a3"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0b3ce6aa-7d13-4598-89df-292867dc711b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:07.000Z",
"modified": "2018-12-04T11:16:07.000Z",
"labels": [
"misp:name=\"original-imported-file\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "attachment",
"object_relation": "imported-sample",
"value": "MAR-10219351.r1.v2.stix.xml",
"category": "External analysis",
"uuid": "95aeb609-955a-4d6d-a5a2-9f2ae2e99756",
"data": "PHN0aXg6U1RJWF9QYWNrYWdlIHhtbG5zOmN5Ym94Q29tbW9uPSJodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIiB4bWxuczpjeWJveD0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIiB4bWxuczpjeWJveFZvY2Ficz0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0yIiB4bWxuczpGaWxlT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjRmlsZU9iamVjdC0yIiB4bWxuczpNdXRleE9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI011dGV4T2JqZWN0LTIiIHhtbG5zOldpbkV4ZWN1dGFibGVGaWxlT2JqPSJodHRwOi8vY3lib3gubWl0cmUub3JnL29iamVjdHMjV2luRXhlY3V0YWJsZUZpbGVPYmplY3QtMiIgeG1sbnM6V2luRmlsZU9iaj0iaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1dpbkZpbGVPYmplY3QtMiIgeG1sbnM6bWFya2luZz0iaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvTWFya2luZy0xIiB4bWxuczp0bHBNYXJraW5nPSJodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVExQLTEiIHhtbG5zOlRPVU1hcmtpbmc9Imh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUZXJtc19PZl9Vc2UtMSIgeG1sbnM6bWFlY0J1bmRsZT0iaHR0cDovL21hZWMubWl0cmUub3JnL1hNTFNjaGVtYS9tYWVjLWJ1bmRsZS00IiB4bWxuczptYWVjUGFja2FnZT0iaHR0cDovL21hZWMubWl0cmUub3JnL1hNTFNjaGVtYS9tYWVjLXBhY2thZ2UtMiIgeG1sbnM6bWFlY1ZvY2Ficz0iaHR0cDovL21hZWMubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTEiIHhtbG5zOmluY2lkZW50PSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5jaWRlbnQtMSIgeG1sbnM6aW5kaWNhdG9yPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5kaWNhdG9yLTIiIHhtbG5zOnR0cD0iaHR0cDovL3N0aXgubWl0cmUub3JnL1RUUC0xIiB4bWxuczpzdGl4Q29tbW9uPSJodHRwOi8vc3RpeC5taXRyZS5vcmcvY29tbW9uLTEiIHhtbG5zOnN0aXhWb2NhYnM9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0xIiB4bWxuczpzdGl4LW1hZWM9Imh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9leHRlbnNpb25zL01hbHdhcmUjTUFFQzQuMS0xIiB4bWxuczpzdGl4PSJodHRwOi8vc3RpeC5taXRyZS5vcmcvc3RpeC0xIiB4bWxuczpOQ0NJQz0iaHR0cDovL3d3dy51cy1jZXJ0Lmdvdi8iIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTpzY2hlbWFMb2NhdGlvbj0iICBodHRwOi8vY3lib3gubWl0cmUub3JnL2NvbW1vbi0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2NvbW1vbi8yLjEvY3lib3hfY29tbW9uLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9jeWJveC0yIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvWE1MU2NoZW1hL2NvcmUvMi4xL2N5Ym94X2NvcmUueHNkICBodHRwOi8vY3lib3gubWl0cmUub3JnL2RlZmF1bHRfdm9jYWJ1bGFyaWVzLTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZGVmYXVsdF92b2NhYnVsYXJpZXMvMi4xL2N5Ym94X2RlZmF1bHRfdm9jYWJ1bGFyaWVzLnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI0ZpbGVPYmplY3QtMiBodHRwOi8vY3lib3gubWl0cmUub3JnL1hNTFNjaGVtYS9vYmplY3RzL0ZpbGUvMi4xL0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI011dGV4T2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9NdXRleC8yLjEvTXV0ZXhfT2JqZWN0LnhzZCAgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9vYmplY3RzI1dpbkV4ZWN1dGFibGVGaWxlT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9XaW5fRXhlY3V0YWJsZV9GaWxlLzIuMS9XaW5fRXhlY3V0YWJsZV9GaWxlX09iamVjdC54c2QgIGh0dHA6Ly9jeWJveC5taXRyZS5vcmcvb2JqZWN0cyNXaW5GaWxlT2JqZWN0LTIgaHR0cDovL2N5Ym94Lm1pdHJlLm9yZy9YTUxTY2hlbWEvb2JqZWN0cy9XaW5fRmlsZS8yLjEvV2luX0ZpbGVfT2JqZWN0LnhzZCAgaHR0cDovL2RhdGEtbWFya2luZy5taXRyZS5vcmcvTWFya2luZy0xIGh0dHA6Ly9zdGl4Lm1pdHJlLm9yZy9YTUxTY2hlbWEvZGF0YV9tYXJraW5nLzEuMS4xL2RhdGFfbWFya2luZy54c2QgIGh0dHA6Ly9kYXRhLW1hcmtpbmcubWl0cmUub3JnL2V4dGVuc2lvbnMvTWFya2luZ1N0cnVjdHVyZSNUTFAtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2V4dGVuc2lvbnMvbWFya2luZy90bHAvMS4xLjEvdGxwX21hcmtpbmcueHNkICBodHRwOi8vZGF0YS1tYXJraW5nLm1pdHJlLm9yZy9leHRlbnNpb25zL01hcmtpbmdTdHJ1Y3R1cmUjVGVybXNfT2ZfVXNlLTEgaHR0cDovL3N0aXgubWl0cmUub3JnL1hNTFNjaGVtYS9leHRlbnNpb25zL21hcmtpbmcvdGVybXNfb2ZfdXNlLzEuMC4xL3Rlcm1zX29mX3VzZV9tYXJraW5nLnhzZCAgaHR0cDovL21hZWMubWl0cmUub3JnL1hNTFNjaGVtYS9tYWVjLWJ1bmRsZS00IGh0dHA6Ly9tYWVjLm1pdHJlLm9yZy9sYW5ndWFnZS92ZXJzaW9uNC4xL21hZWNfYnVuZGxlX3NjaGVtYS54c2QgIGh0dHA6Ly9tYWVjLm1pdHJlLm9yZy9YTUxTY2hlbWEvbWFlYy1wYWNrYWdlLTIgaHR0cDovL21hZWMubWl0cmUub3JnL2xhbmd1YWdlL3ZlcnNpb240LjEvbWFlY19wYWNrYWdlX3NjaGVtYS54c2QgIGh0dHA6Ly9tYWVjLm1pdHJlLm9yZy9kZWZhdWx0X3ZvY2FidWxhcmllcy0xIGh0dHA6Ly9tYWVjLm1pdHJlLm9yZy9sYW5ndWFnZS92ZXJzaW9uNC4xL21hZWNfZGVmYXVsdF92b2NhYnVsYXJpZXMueHNkICBodHRwOi8vc3RpeC5taXRyZS5vcmcvSW5jaWRlbnQtMSBodHRwOi8vc3RpeC5taXRyZS5vcmcvWE1MU2NoZW1hL2luY2lkZW50LzEuMS4xL2luY2lkZW50LnhzZCAgaHR0cDovL3
},
{
"type": "text",
"object_relation": "format",
"value": "STIX 1.1.1",
"category": "Other",
"uuid": "7aa3cc6a-0875-46ef-b9b1-ab72e318b8d9"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "original-imported-file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e42e17e-129e-4a50-8b85-e25017e4a200",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:08.000Z",
"modified": "2018-12-04T11:16:08.000Z",
"pattern": "[file:hashes.MD5 = '222d7fde37ae344824a97087d473cdcd' AND file:hashes.SHA1 = '90205a2761ed7ac3b188230786ec2bebd30effba' AND file:hashes.SHA256 = '5d65ebdde1aef8f23114f95454287e7410965288f144d880ece2a2b8c3128645']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--51613051-81c4-4d8f-b654-9128d8855103",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:09.000Z",
"modified": "2018-12-04T11:16:09.000Z",
"pattern": "[file:hashes.MD5 = 'fe3ae84a8defc809e734bbd0736f82de' AND file:hashes.SHA1 = '04a2ea4c78f78d628800c0a5cb9547a0c0b14378' AND file:hashes.SHA256 = 'd8d919d884b86e4d5977598bc9d637ed53e21d5964629d0427077e08ddbcba68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--cf57100b-06e3-462b-baf1-71d4b0096983",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:13.000Z",
"modified": "2018-12-04T11:16:13.000Z",
"first_observed": "2018-12-04T11:16:13Z",
"last_observed": "2018-12-04T11:16:13Z",
"number_observed": 1,
"object_refs": [
"file--cf57100b-06e3-462b-baf1-71d4b0096983"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--cf57100b-06e3-462b-baf1-71d4b0096983",
"hashes": {
"MD5": "222d7fde37ae344824a97087d473cdcd",
"SHA-1": "90205a2761ed7ac3b188230786ec2bebd30effba",
"SHA-256": "5d65ebdde1aef8f23114f95454287e7410965288f144d880ece2a2b8c3128645",
"SHA-512": "177f25c2e454b5366719a5536e25dbf16ab5cb01b1886b18ea1477671651191cbf663cf1754990c618be1d7c36bf523aaac8528d94a1d49583213dc8a0dee98a",
"SSDEEP": "24576:PLvqxk7+y/4NmWPWKrbE6qqE56Hglx8zudJhTyGwcKe:+"
},
"size": 1024512,
"name": "prelecturedexe.exe",
"x_misp_entropy": "4.695794",
"x_misp_mimetype": "PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--bb019b83-bcaa-4353-bf2e-ea2425d398de",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:18.000Z",
"modified": "2018-12-04T11:16:18.000Z",
"first_observed": "2018-12-04T11:16:18Z",
"last_observed": "2018-12-04T11:16:18Z",
"number_observed": 1,
"object_refs": [
"file--bb019b83-bcaa-4353-bf2e-ea2425d398de"
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--bb019b83-bcaa-4353-bf2e-ea2425d398de",
"hashes": {
"MD5": "fe3ae84a8defc809e734bbd0736f82de",
"SHA-1": "04a2ea4c78f78d628800c0a5cb9547a0c0b14378",
"SHA-256": "d8d919d884b86e4d5977598bc9d637ed53e21d5964629d0427077e08ddbcba68",
"SHA-512": "9cb6ddb8a0b9329fe08fcf8a02d45c43222432d6e145f55deacb019f772970513d3ddfa589a002c0abf190fa8712d41e08aab51836685aed9bf30d118ea00a5e",
"SSDEEP": "3072:Sa6J+OIazQ94ZPaqa7YHmIZwUSToQemTIC6:A+OIa094ZPRakH/+USE"
},
"size": 409600,
"name": "proteusdlll.dll",
"x_misp_entropy": "4.645654",
"x_misp_mimetype": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8168c6de-3598-40b0-af61-205f042834f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:13.000Z",
"modified": "2018-12-04T11:16:13.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '4' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'prelecturedexe.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'prelecturedexe.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:16:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df23d0f6-2ef5-45f3-b3c5-58c636b121e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:18.000Z",
"modified": "2018-12-04T11:16:18.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '4' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'proteusdlll.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'proteusdlll.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-12-04T11:16:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b9f6c4b6-1431-4e3d-915a-2dc447d81df0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:11.000Z",
"modified": "2018-12-04T11:16:11.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.723403",
"category": "Other",
"uuid": "2a4e7fb4-85c8-4da3-bb1d-be93062d9444"
},
{
"type": "md5",
"object_relation": "md5",
"value": "5e1317af9956be12deebdea49aae14f5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bf4fd2d9-7ad0-4172-b4fa-12a0be895bc5"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "3dc62ee6-e861-4b05-8425-4d79c832f431"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--affa0461-629a-4426-bb76-4fa931bae09d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:11.000Z",
"modified": "2018-12-04T11:16:11.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "124120a6b861fdfff756e19a77a53e05",
"category": "Payload delivery",
"to_ids": true,
"uuid": "24b62f15-8d15-46e0-b1b0-92ea7e962a5c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.695157",
"category": "Other",
"uuid": "cf77c83f-9f13-47d8-98a9-361b15d1c38f"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "7110ab48-dbd9-474c-a87f-5739d545da02"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1020928",
"category": "Other",
"uuid": "2775bd54-4637-4b2b-932e-b0573f245d89"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a214b755-106e-4570-ac46-183981271166",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:12.000Z",
"modified": "2018-12-04T11:16:12.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "8a2d72fec9d2535440e0f83b59253f2b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "34dd915c-7730-49ad-9623-a70be5b872be"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.7223",
"category": "Other",
"uuid": "a35e6550-5ef3-4341-85c5-24d80395c9e7"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "5708c09d-9b70-47e4-a405-00e1d08936c2"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2560",
"category": "Other",
"uuid": "88a73596-5316-4d58-b275-12a8a9874310"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--32245044-b56d-462f-923f-2aab9aec023a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:13.000Z",
"modified": "2018-12-04T11:16:13.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "b227291feae10a83e762c2bc9d959a7f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e4c6abb2-d277-4c70-9a8d-47414a1e985a"
},
{
"type": "float",
"object_relation": "entropy",
"value": "0.10191",
"category": "Other",
"uuid": "06cedfde-5502-45cf-b575-b3cd0f28c0eb"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "411ead27-c48b-460c-b9a1-b2226737fff6"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "066a0728-c3a0-49b4-8860-e47df4427ddd"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b0883323-1009-4304-b5b4-f6a365e3132a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:16.000Z",
"modified": "2018-12-04T11:16:16.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.714618",
"category": "Other",
"uuid": "9a3d2c33-5c76-45ef-b309-dae961c68a32"
},
{
"type": "md5",
"object_relation": "md5",
"value": "397b763d106b2f347c5a563922273551",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7f387429-26ea-40d6-9124-beca9ee4b6f1"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "d7709bd9-4aa8-466f-823c-2673253d311b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b7245318-b001-4969-a858-0bd38e20c62c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:16.000Z",
"modified": "2018-12-04T11:16:16.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "ad25e96cae2016331129ec4643535822",
"category": "Payload delivery",
"to_ids": true,
"uuid": "906b0979-b91f-4433-ba66-7e9b92d2b506"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.650477",
"category": "Other",
"uuid": "e8bc8828-c00b-44b9-b825-dc15597fbe99"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "72c24a3d-bad4-4886-b1be-8b960c2bd91c"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "406528",
"category": "Other",
"uuid": "d54b329c-62d7-4857-8201-6c1cdf5d80de"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9510431d-6748-44fb-be9d-08dfb6db091a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:17.000Z",
"modified": "2018-12-04T11:16:17.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "01784b876d14b1384491318f8fce07d5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "aaf5c367-0af5-493f-b9b7-d36d0498a30f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.987471",
"category": "Other",
"uuid": "4f38040b-ac33-4c44-9e3e-93fe954ea37f"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "5b289d10-b74d-49bb-9b44-ff9ae4ee490d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2048",
"category": "Other",
"uuid": "cf253008-502f-4c44-84a8-52abe0239bf9"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1dd02ead-249e-41ed-a5c6-dd1ba5848048",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-12-04T11:16:17.000Z",
"modified": "2018-12-04T11:16:17.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "816849886aa28e56db0cd065fae38897",
"category": "Payload delivery",
"to_ids": true,
"uuid": "76ff1b4c-b0c7-48f4-aa55-395a8787cad5"
},
{
"type": "float",
"object_relation": "entropy",
"value": "0.10191",
"category": "Other",
"uuid": "8c68e2ea-cae1-4a9d-b6eb-84b8d9e7c99b"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "807b2427-d842-4e1a-a6bf-f1e895e07ece"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "139dd827-4041-4680-b235-669a782ce34b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f2416703-0993-4e28-a956-f0c80bf766d0",
"created": "2018-12-04T11:16:21.000Z",
"modified": "2018-12-04T11:16:21.000Z",
"relationship_type": "related-to",
"source_ref": "observed-data--cf57100b-06e3-462b-baf1-71d4b0096983",
"target_ref": "observed-data--bb019b83-bcaa-4353-bf2e-ea2425d398de"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7e45859b-6189-4413-bb41-9d2383217c11",
"created": "2018-12-04T11:16:21.000Z",
"modified": "2018-12-04T11:16:21.000Z",
"relationship_type": "created",
"source_ref": "observed-data--cf57100b-06e3-462b-baf1-71d4b0096983",
"target_ref": "observed-data--9c22cd87-034c-4f13-b5b6-0b11ce921c19"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b26e345e-25e1-4099-9e9c-154695df9026",
"created": "2018-12-04T11:16:21.000Z",
"modified": "2018-12-04T11:16:21.000Z",
"relationship_type": "related-to",
"source_ref": "observed-data--bb019b83-bcaa-4353-bf2e-ea2425d398de",
"target_ref": "observed-data--cf57100b-06e3-462b-baf1-71d4b0096983"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink