{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--7360197a-48e6-4792-b7c6-5d616d5c79c9",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-29T09:27:24.000Z",
|
||
|
"modified": "2022-09-29T09:27:24.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--7360197a-48e6-4792-b7c6-5d616d5c79c9",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-29T09:27:24.000Z",
|
||
|
"modified": "2022-09-29T09:27:24.000Z",
|
||
|
"name": "Hezb cryptomining malware",
|
||
|
"published": "2022-09-29T09:35:39Z",
|
||
|
"object_refs": [
|
||
|
"indicator--6031c6d8-5936-4668-876f-69912ed3fbb4",
|
||
|
"observed-data--df342cf6-a3bf-4a81-9082-a449f3d17edf",
|
||
|
"url--df342cf6-a3bf-4a81-9082-a449f3d17edf",
|
||
|
"observed-data--fc11fba4-bab5-4802-b5c1-6b39fca801dc",
|
||
|
"url--fc11fba4-bab5-4802-b5c1-6b39fca801dc",
|
||
|
"observed-data--6d633617-d0aa-4e49-8eba-eaa325eebdbd",
|
||
|
"url--6d633617-d0aa-4e49-8eba-eaa325eebdbd",
|
||
|
"indicator--fcb7c25d-9b1f-4dff-b901-b4ecf396d1ba",
|
||
|
"indicator--c9a150b3-dba6-43da-b574-30543b8b927e",
|
||
|
"indicator--636aeeac-f1c6-4e60-8e79-412595af53b5",
|
||
|
"observed-data--8690ab87-bbd1-4d0a-8ded-b3486499d594",
|
||
|
"url--8690ab87-bbd1-4d0a-8ded-b3486499d594",
|
||
|
"indicator--cdcb8b5a-c8b6-4b56-95d0-7ca6f9451a0d",
|
||
|
"x-misp-object--f20444c8-e756-44a4-ac79-0799566b1356",
|
||
|
"x-misp-object--839fe75f-0418-49ab-8118-172e81700111",
|
||
|
"x-misp-object--cc93a09e-7ab2-4efc-a538-63a2f9eb8548",
|
||
|
"x-misp-object--c1084d7d-bb02-42df-82ba-a5bb6fc7b6d1",
|
||
|
"x-misp-object--23fb93e2-84c5-45eb-ac44-5ac52e3baa7b",
|
||
|
"x-misp-object--aaa26480-e20b-4467-981f-e70fc613819b",
|
||
|
"x-misp-object--69d75dd5-1b99-43d9-a8d4-d393e30aaa0b",
|
||
|
"x-misp-object--1cf9ac2d-93cb-4e8f-941e-e69e89f8e248",
|
||
|
"x-misp-object--62b00107-a884-40f8-ae40-b61004666ca3",
|
||
|
"x-misp-object--17f77158-0735-4093-8b9c-d738db162699",
|
||
|
"x-misp-object--77716830-69b3-4078-907d-a86ff72eada2",
|
||
|
"x-misp-object--387ad845-011a-4be6-8fe4-869f04b7bd4c",
|
||
|
"x-misp-object--82994316-c33d-4f20-b1cb-43ebcfccfacf",
|
||
|
"x-misp-object--a3fd4ad8-adc2-409c-b333-db24c1d505b2",
|
||
|
"x-misp-object--a20f6096-5314-4218-83a0-38e46724cef6",
|
||
|
"x-misp-object--c2ab6b17-9938-4977-8d55-a2618dadb2e2",
|
||
|
"x-misp-object--5bd40820-14d2-4783-b4f9-cf9fd0483b9b",
|
||
|
"x-misp-object--dd6b54d8-8ec9-42d3-99d4-6db1e3f8e8f7",
|
||
|
"x-misp-object--fea3f084-e86e-47f3-9f7b-a7aba74ccb3b",
|
||
|
"x-misp-object--0a72bfd3-3a03-425c-9da6-e5bf14a73b87",
|
||
|
"x-misp-object--8d56336e-f1af-4d1f-be74-4699c6d39eac",
|
||
|
"x-misp-object--98eaace2-d74a-43cf-a02a-a969867df3c1",
|
||
|
"x-misp-object--08648093-7012-4d42-81d2-0902d0524679",
|
||
|
"x-misp-object--bec89af8-5394-47fa-9672-9d179eaaedc4",
|
||
|
"x-misp-object--e9e76732-f3d5-489e-8bd2-d07d354d049f",
|
||
|
"x-misp-object--9e9dbee4-7953-4545-adf7-0004efc1961d",
|
||
|
"x-misp-object--5cefde66-49fe-405b-b656-de6024c7e6fb",
|
||
|
"x-misp-object--30791caf-9875-4da1-ac7e-f51a97da1ed0",
|
||
|
"x-misp-object--c6546b6f-4721-4c71-9fe1-22353750a63c",
|
||
|
"x-misp-object--6c5b84ab-b2e3-472d-9317-547fb1574f75",
|
||
|
"x-misp-object--ad44aa8d-152c-4d6d-9b30-4328764b620f",
|
||
|
"x-misp-object--182c0855-8a58-47ab-bce0-b3ddfd1ade8c",
|
||
|
"x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"indicator--aef7ae69-d72e-4380-be6d-e90aab5dbd4c",
|
||
|
"x-misp-object--8847fb72-8125-4aaa-abd0-4166578e03ac",
|
||
|
"x-misp-object--78163fa7-83f0-47b3-a928-07c7c9ba6129",
|
||
|
"x-misp-object--35c65cc6-6518-4cde-a4b6-cec38544378e",
|
||
|
"x-misp-object--31a3875d-3d00-470d-9eab-e935795182ae",
|
||
|
"x-misp-object--00e353d5-9326-4c8d-9a60-5c8238e4aca3",
|
||
|
"x-misp-object--d38ccd29-55c6-4b3b-bd60-2dbab2f8297f",
|
||
|
"x-misp-object--e7545497-50cc-4820-bf57-e33b3801fa54",
|
||
|
"x-misp-object--4895ca7f-421c-4989-a3f9-b5b742ec3d41",
|
||
|
"x-misp-object--ab8360ad-eba5-4e63-9bb4-e3c4a277065b",
|
||
|
"x-misp-object--f3c99379-9e7f-410f-a8bb-2c16f31ca224",
|
||
|
"x-misp-object--4d143e2d-2ae6-4075-929c-55b703a3dc8b",
|
||
|
"x-misp-object--fe14160c-ea48-40c3-863e-1c4642119e30",
|
||
|
"x-misp-object--643684a3-9c11-49b4-b15c-1cd11e5eee7d",
|
||
|
"x-misp-object--8392d8e8-a37f-43d4-a253-1866673d3a98",
|
||
|
"x-misp-object--fc3db4a6-26cd-4f2a-a94b-12c4f3ac31e6",
|
||
|
"x-misp-object--d60e3399-e0df-4a6c-b190-20a8cc37235a",
|
||
|
"x-misp-object--4e17149a-e3e6-4747-999c-d3271f4e9647",
|
||
|
"x-misp-object--77ab2c67-d278-498e-8072-8478dcf8ce7d",
|
||
|
"x-misp-object--4e112835-f8f5-4e54-980d-cea083e23eaf",
|
||
|
"x-misp-object--d0f21b10-3917-464b-b045-608dcd9e5963",
|
||
|
"x-misp-object--7efdfc81-f628-47d5-a390-ec16011fb036",
|
||
|
"x-misp-object--be6c85f9-0493-4474-a28d-0927723fe5b2",
|
||
|
"x-misp-object--85d9e171-534b-4471-b7a8-283384907889",
|
||
|
"x-misp-object--bea8b655-ac97-4fe0-b601-6a935509fd1c",
|
||
|
"x-misp-object--a75fbab5-5c56-4112-8d3d-da255941a91e",
|
||
|
"x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
|
||
|
"indicator--c1e8e21e-f823-495d-a919-b3c00d071a7c",
|
||
|
"indicator--c3873df4-3829-492a-8003-e17851563f38",
|
||
|
"indicator--f5169a57-e7c1-45ae-aa1f-e7447ea823c4",
|
||
|
"observed-data--49fdac04-cbb9-4602-b340-4352e70d22c7",
|
||
|
"user-account--49fdac04-cbb9-4602-b340-4352e70d22c7",
|
||
|
"relationship--f7ea468e-015c-4ff8-8401-e65a4dead3bf",
|
||
|
"relationship--2c7ba1e6-6069-483d-ab76-40461b3c9916",
|
||
|
"relationship--331c9e7e-b8a5-4d06-9922-b5429815798d",
|
||
|
"relationship--1472f38a-bba1-4fc3-bf25-27b75152f413",
|
||
|
"relationship--c2ba1f77-63c8-4fa1-b830-de2e9315217b",
|
||
|
"relationship--b986553b-3156-4ed3-948f-387d53844ca4",
|
||
|
"relationship--fce5086c-9459-4c17-a487-ad32b29cc12c",
|
||
|
"relationship--846d732f-9884-4cb2-8ad6-69b2f10df5ab",
|
||
|
"relationship--a4fad920-5888-4e1d-a791-128b26f088fa",
|
||
|
"relationship--865a12f4-5ff7-4b9d-8a46-a607c1301e13",
|
||
|
"relationship--f43793dd-5b3b-40fc-bf5a-f67bddcef1ff",
|
||
|
"relationship--c5fe3207-1686-492d-aa81-c46b7368016b",
|
||
|
"relationship--6db93fe0-c46c-4b87-a04d-6c16f7174f3d",
|
||
|
"relationship--5acf0036-5c14-4030-85ff-cfee660f92ce",
|
||
|
"relationship--c46e9105-47d1-484b-8a66-dd5167c09393",
|
||
|
"relationship--003c1beb-81b4-4488-aa29-bc4af83f9052",
|
||
|
"relationship--cece2afd-7f74-4026-be0b-93369ea1214c",
|
||
|
"relationship--88b6be2a-9f4a-4531-81f1-ff8b9f0d425e",
|
||
|
"relationship--b0937ce3-60b1-4dab-a678-9b4547b7263f",
|
||
|
"relationship--9b6e2610-9fbf-433e-9b29-4086ef2c52f7",
|
||
|
"relationship--b2df9807-3f50-49b4-969e-a91497dac429",
|
||
|
"relationship--818b4ec9-31a5-41f0-a1d3-e3a11c440501",
|
||
|
"relationship--8a4b1d1c-430a-4b78-a7c7-3be178b06216",
|
||
|
"relationship--52f0c31b-c3ef-40ce-b688-1eb74dbb091f",
|
||
|
"relationship--fd93c859-fc74-46b1-ac9d-01b1f0aa6268",
|
||
|
"relationship--f3e742ca-1180-4296-8a43-4558df9ad18d",
|
||
|
"relationship--81764822-5c83-40df-810c-352292c1eb88",
|
||
|
"relationship--86e73391-7a80-4e35-af58-b8f9bb29096a",
|
||
|
"relationship--2d39e483-67fe-4db0-9fc9-f5d0093a1ca1",
|
||
|
"relationship--49762e4c-b130-4f02-93be-7bfd911f2c60",
|
||
|
"relationship--eae31763-5201-4920-8507-6d94302ba310",
|
||
|
"relationship--6fdb913f-bade-47f0-b242-6715ee9bba67",
|
||
|
"relationship--b9986189-e194-4c4a-b1eb-6f082eb8cf1e",
|
||
|
"relationship--2c0dc013-8290-49d8-bb93-2598ad406e8f",
|
||
|
"relationship--a8a7a879-3f56-4744-af7f-b778a9620341",
|
||
|
"relationship--df531ea5-4157-4149-b2dc-a041b9aeb13f",
|
||
|
"relationship--a6ca9575-d1ce-487c-8965-bf24eaf211cf",
|
||
|
"relationship--32860004-42e7-491d-88cb-d1289b29874c",
|
||
|
"relationship--41cc2908-eb6d-4219-b466-96d07ae1c365",
|
||
|
"relationship--d2491d24-3fbb-487c-8876-f8a4af3d7254",
|
||
|
"relationship--1e2602ad-ffcb-4eb1-92e3-0b47ffaf8b67",
|
||
|
"relationship--c875ad86-452b-4f3d-8bf0-d478469a6a8c",
|
||
|
"relationship--bb4775aa-adc5-4453-a793-c1668dce0cc4",
|
||
|
"relationship--272f2785-b789-47a9-904d-47ae06db3981",
|
||
|
"relationship--89b26104-2f12-483d-859f-daa49be49083",
|
||
|
"relationship--7cfd8fd0-6bc5-4b93-a0d2-8a5ed090662a",
|
||
|
"relationship--0fc0b322-561c-4b2f-be07-5a0d699f27c6",
|
||
|
"relationship--c4e086e0-c13d-444b-9953-0b88c35c443f",
|
||
|
"relationship--2169fd85-526d-417e-86be-0face10f065c",
|
||
|
"relationship--a82f5786-784a-4bd1-83ce-b7ad8ed5a3b7",
|
||
|
"relationship--578e0d50-45f7-4889-b86f-d4371055eb52",
|
||
|
"relationship--bf7f1aa5-c634-4cb5-85e0-033260cfc605",
|
||
|
"relationship--eaa442cd-9f70-4cae-b905-6047319801ed",
|
||
|
"relationship--a796c539-259b-4cab-9fa6-6728d35f5701",
|
||
|
"relationship--846ffb48-e2a7-4efa-9ed7-209a67a95db9",
|
||
|
"relationship--23802a33-d8a5-42f8-85cc-8e2d5036917e",
|
||
|
"relationship--e4c71524-099a-4972-806b-a825de3cf03a",
|
||
|
"relationship--392944ca-0234-4604-b53a-aab533332226",
|
||
|
"relationship--dd02263f-4910-4e0d-b95d-85f17daa8a41"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"maec-malware-behavior:maec-malware-behavior=\"mine-for-cryptocurrency\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
|
||
|
"misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"",
|
||
|
"misp-galaxy:threat-actor=\"Hezb\"",
|
||
|
"estimative-language:confidence-in-analytic-judgment=\"high\"",
|
||
|
"estimative-language:likelihood-probability=\"almost-certain\"",
|
||
|
"admiralty-scale:information-credibility=\"1\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--6031c6d8-5936-4668-876f-69912ed3fbb4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T12:43:58.000Z",
|
||
|
"modified": "2022-09-12T12:43:58.000Z",
|
||
|
"description": "On port 4545",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.251.252.226' AND network-traffic:dst_port = '4545']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T12:43:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst|port\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--df342cf6-a3bf-4a81-9082-a449f3d17edf",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T12:45:03.000Z",
|
||
|
"modified": "2022-09-12T12:45:03.000Z",
|
||
|
"first_observed": "2022-09-12T12:45:03Z",
|
||
|
"last_observed": "2022-09-12T12:45:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--df342cf6-a3bf-4a81-9082-a449f3d17edf"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--df342cf6-a3bf-4a81-9082-a449f3d17edf",
|
||
|
"value": "https://www.lacework.com/blog/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--fc11fba4-bab5-4802-b5c1-6b39fca801dc",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T12:45:24.000Z",
|
||
|
"modified": "2022-09-12T12:45:24.000Z",
|
||
|
"first_observed": "2022-09-12T12:45:24Z",
|
||
|
"last_observed": "2022-09-12T12:45:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--fc11fba4-bab5-4802-b5c1-6b39fca801dc"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--fc11fba4-bab5-4802-b5c1-6b39fca801dc",
|
||
|
"value": "https://www.pwndefend.com/2022/06/04/cve-2022-26134-honeypot-payload-analysis-example/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--6d633617-d0aa-4e49-8eba-eaa325eebdbd",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T12:52:16.000Z",
|
||
|
"modified": "2022-09-12T12:52:16.000Z",
|
||
|
"first_observed": "2022-09-12T12:52:16Z",
|
||
|
"last_observed": "2022-09-12T12:52:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--6d633617-d0aa-4e49-8eba-eaa325eebdbd"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--6d633617-d0aa-4e49-8eba-eaa325eebdbd",
|
||
|
"value": "https://twitter.com/uk_daniel_card/status/1533038796144578560"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--fcb7c25d-9b1f-4dff-b901-b4ecf396d1ba",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:15:06.000Z",
|
||
|
"modified": "2022-09-12T14:15:06.000Z",
|
||
|
"description": "On port 82",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '205.147.101.170' AND network-traffic:dst_port = '82']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T14:15:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst|port\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c9a150b3-dba6-43da-b574-30543b8b927e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:15:06.000Z",
|
||
|
"modified": "2022-09-12T14:15:06.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.28.229.174']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T14:15:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--636aeeac-f1c6-4e60-8e79-412595af53b5",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:49:00.000Z",
|
||
|
"modified": "2022-09-12T14:49:00.000Z",
|
||
|
"pattern": "[url:value = 'http://205.147.101.170:82/kthmimu.txt']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T14:49:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--8690ab87-bbd1-4d0a-8ded-b3486499d594",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:53:18.000Z",
|
||
|
"modified": "2022-09-12T14:53:18.000Z",
|
||
|
"first_observed": "2022-09-12T14:53:18Z",
|
||
|
"last_observed": "2022-09-12T14:53:18Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--8690ab87-bbd1-4d0a-8ded-b3486499d594"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--8690ab87-bbd1-4d0a-8ded-b3486499d594",
|
||
|
"value": "https://www.virustotal.com/gui/file/aaa4aaa14e351350fccbda72d442995a65bd1bb8281d97d1153401e31365a3e9/community"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--cdcb8b5a-c8b6-4b56-95d0-7ca6f9451a0d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:28:23.000Z",
|
||
|
"modified": "2022-09-12T14:28:23.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '471b3640b5cb688e662813b5a837f754' AND file:hashes.SHA1 = '88ea5111e5c4e79bd4831c6f25f0efe789f24763' AND file:hashes.SHA256 = '18e40563564aa496178c91ed5c0e073e412f4134000cbf3cfe438b1388babac7' AND file:name = 'ldr.sh' AND file:size = '7197' AND (file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T14:28:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f20444c8-e756-44a4-ac79-0799566b1356",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:50.000Z",
|
||
|
"modified": "2022-09-12T14:41:50.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NULL",
|
||
|
"category": "Other",
|
||
|
"uuid": "d55a0b83-99f5-44ec-9213-0fcb73ba4cf2"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "0",
|
||
|
"category": "Other",
|
||
|
"uuid": "fc909292-3d90-492e-9df8-8ba31505e25a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--839fe75f-0418-49ab-8118-172e81700111",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:50.000Z",
|
||
|
"modified": "2022-09-12T14:41:50.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".note.ABI-tag",
|
||
|
"category": "Other",
|
||
|
"uuid": "5429ab8b-6be3-4953-ac37-cbd3ef1ad7be"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOTE",
|
||
|
"category": "Other",
|
||
|
"uuid": "f6d4a956-8e3e-4816-8ed8-94f55542a638"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "a166379d-470c-409e-b9dc-8ef42782df24"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "32",
|
||
|
"category": "Other",
|
||
|
"uuid": "5afbcae9-9889-4014-925c-f0d656cc4bfc"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "1.748689844084",
|
||
|
"category": "Other",
|
||
|
"uuid": "6ded0d64-72c5-4ef8-b808-cc8d9d155162"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "9a61e47e6c90a03fdb2c981b2315d002",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a88abd41-ee91-4ab2-ae57-bbf5107a7caf"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "447eeb9da047efc5f7eb3192776c9ea489e36e07",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a36c18da-cc27-4938-a614-ffba1e5289b1"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "c70fbcfeb5350db4d207149d87960e2f23fb322c20552a9cac4eb6b3e95e5e73",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b97d2cff-640f-4f56-8263-301bce2747fe"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "04af1d0b1e4eeb2f637aa9680804c596f2a1b841bdf21acbb4a6723e9ad73b74d9b18897bb993a973e83e8ee98d3d5e0899c6d50c406f9028104b3fec95754f7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "5aa7633f-3f62-4bf9-9cff-00af8e78d7f0"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:hlslqklllHlxn:wlqk5",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "27c27e9c-990d-46ef-b325-6a37a49deba0"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--cc93a09e-7ab2-4efc-a538-63a2f9eb8548",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:50.000Z",
|
||
|
"modified": "2022-09-12T14:41:50.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".note.gnu.build-id",
|
||
|
"category": "Other",
|
||
|
"uuid": "0f4053ce-1159-44a6-9e69-32a1374292f7"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOTE",
|
||
|
"category": "Other",
|
||
|
"uuid": "0f1279f3-1d17-428b-915d-2e1600ac6b0c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "0ac9e834-e67e-49c2-8514-004edd7ed465"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "36",
|
||
|
"category": "Other",
|
||
|
"uuid": "85f1991a-605c-4e93-a380-14f8b98b3763"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.0805005306403",
|
||
|
"category": "Other",
|
||
|
"uuid": "36b92ee9-3f57-4d56-b226-00856fc51310"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "7cbbb459a2d21e2b1ef8b13e481a7a9b",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b3ac4842-f595-4c53-96a8-6ab4ab69734d"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "d9b9184a9a0134488d53de4e53f75760518ab4cc",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "aa264ee6-6136-4860-b25a-2c46809daf50"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "7d80a99828d123d42f7d0735d05a670d449293ecaced2aead2507c1c7e0dd001",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "805b9ff8-bfe2-4756-a2a8-b0a7b8023582"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "8870d4dc577c1bfdaf94338c85b02b667bad7d2deface20777024274efec5b9d3e31bf5ff2bb8a2e9004780971dc475c5a75babe8e86496492969f5774f7300c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1f47d649-1665-4093-abfc-66aacaae04cc"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:ll/ylIeukhK:iSeH8",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "89e5ad54-cfc4-484a-9c36-4693712b825f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c1084d7d-bb02-42df-82ba-a5bb6fc7b6d1",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:50.000Z",
|
||
|
"modified": "2022-09-12T14:41:50.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".rela.plt",
|
||
|
"category": "Other",
|
||
|
"uuid": "6fa28726-a84a-4b77-bf25-9a38ef146235"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "RELA",
|
||
|
"category": "Other",
|
||
|
"uuid": "659b0640-eb7c-4384-b991-861d3017ccee"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "INFO_LINK",
|
||
|
"category": "Other",
|
||
|
"uuid": "afa9a058-bb98-416c-957d-f9d1d7ae334f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "a8f75dbe-7e99-4943-824d-fb53be70dfb7"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "504",
|
||
|
"category": "Other",
|
||
|
"uuid": "85c308d1-2c17-4668-ae12-fa5fc6855e3b"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "2.1358676285528",
|
||
|
"category": "Other",
|
||
|
"uuid": "80760c77-5d54-4e95-bbb8-a8df6f6b5408"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "c7c3b06b20d25bade8a5e93d7b7d1068",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "189f1b71-be46-4a06-bde8-e6c308a48b96"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "6c7403435b331ce767fc2499a9c2ec9b997dc37b",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a2c2d1a3-4016-4b48-86c0-65117dcd4109"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "85bee9ba4ddbfd26fda8da0f8912eae916e61370341a2705e8728bdeca680b21",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "01950e46-9d47-461d-b2bc-40fe62ab4498"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "911d38e0582c3cd20ae2572d7d387844fd6fedb14e34c96e35a0de50d1648192076fd0998d1afb56b5067335c9a3e1bcbc6fdcf91aec0272f2850a3ca46ba32c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "063abd07-2970-4616-8b68-8db9c93cfa43"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "12:Ajv/eS3Ov/WK6PWx2lA2olEQmPwgQVZ3n:AjHeS3OHWK6ux2lAtlEQmPwgQVZ3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "93e3a2a5-cdef-4475-90f0-2b6c6c8ec99b"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--23fb93e2-84c5-45eb-ac44-5ac52e3baa7b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".init",
|
||
|
"category": "Other",
|
||
|
"uuid": "9706ed41-ef25-4c9a-a9c2-7ee11670f7d6"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "19158370-cde9-4c89-b52b-71835adddbc8"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "5f5d3db7-6cc1-4c30-b73b-1e61069352f9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "9166cf2c-72ec-4f1e-9ed0-0c3dcb7309f7"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "26",
|
||
|
"category": "Other",
|
||
|
"uuid": "daf8dc7b-c7b4-427a-9ce3-f96c2af7bd3d"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.1619781796796",
|
||
|
"category": "Other",
|
||
|
"uuid": "7e5d8aff-ef82-452c-a276-2db76b79f35c"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "ea1769ae7fd708ae2012b3e995d20220",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "d05e3efa-bd39-418b-81d4-3c7fc20d3532"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "e4ee398ed59ab42b03b1d93fe8775d39673ef701",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f8729c13-f4ae-4a14-947f-e55f954cdfd1"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "c8a191208bf27808387195aff6ab1157f693be24ed488497872ceb497efcb34a",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "478f441d-2278-4d01-80a3-685bf6ead6f8"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "1242760746f839282f45af454c41a4d9c061c249a72d405e4a04efec372425a7dfe31b6bf58589a3ffa4456ce246a16b7704b46ab581802146bc2b371a343830",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "c0e927d3-7b75-441a-a573-754300dd3815"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:4c2ld4tmn:rCymn",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "c475d911-6b80-4008-a2ad-5bf51feda32a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--aaa26480-e20b-4467-981f-e70fc613819b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".plt",
|
||
|
"category": "Other",
|
||
|
"uuid": "a86eccee-6543-44b9-9ab8-aee390d1b75e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "c366bb7e-c71f-46cf-b8db-bdfa340844a9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "4a965433-d2cf-47c8-bb8f-79b1e4f6146c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "a2ebb4de-1fa4-4670-a818-d2af5a895415"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "336",
|
||
|
"category": "Other",
|
||
|
"uuid": "807f2070-bfe3-4176-b57b-1c0c309b3d4b"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "2.5409281726478",
|
||
|
"category": "Other",
|
||
|
"uuid": "b0f91a81-2e94-4cb5-9940-125c2a5571ea"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "609697fd60162ca8c09868f2c630a908",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "d9a668f0-1bb0-4b26-ad18-1ce566c18a9b"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "4c263d9cc7c0135994274c2f6d1f017dad46a8db",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f232786d-f878-4b3e-b4ad-a43da73c5c12"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "3dc709e7bffdcf9fc0c94f6c8672a1b2f33cb6c707d77c0c4f60aa255e3a704a",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "71272384-4d1e-45ab-b70c-891307571963"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "ae2107c196f360d127d3ad3e6ab7eca7cb97c64ab093029a09e3408b01fe9f8dcdedc2f89aa8d3f876f1b389e695a5d4cb55eb0322ffaa5d1367f2187459aba2",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "aafc9066-3b88-4946-9a40-aa5196d9a53f"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "6:HX0R0ZkTaZ0F6sN9V2ad6sPXcVsHF2aN6sV9d2aMVsX/0Vsl:W5DbTrDbTn",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f83c68f1-9001-478b-9bb3-6a0449dd4e07"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--69d75dd5-1b99-43d9-a8d4-d393e30aaa0b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".text",
|
||
|
"category": "Other",
|
||
|
"uuid": "15624b01-70dc-4786-b653-54de8a12da15"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "b4f8a074-631c-42fb-84d1-141322b5d610"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "c83638b8-27b0-4616-a9a6-10ff3014782d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "c91a4352-d690-407a-a6c0-91b9e35f4e47"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "4626660",
|
||
|
"category": "Other",
|
||
|
"uuid": "af79d5ae-73dd-4f89-a1e7-87822dcfbecf"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "6.413984465203",
|
||
|
"category": "Other",
|
||
|
"uuid": "eb311951-6b98-4b4d-80db-e5667f746997"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "369d8ed728fdbfe01c9a20a2db082dd1",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "730bb609-9666-40ac-965c-b177f27ab7ad"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "9a47c42f30fd1a164be94b84b3b4bf17e3892710",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "61f42b35-983c-4574-ae58-a4d57c75450a"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "226376abcc5825ea14b2fab853f2ec293aad18fbc665b1a2446665fd9b621163",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "954dd93a-7a73-485f-a12a-4eb6c1164727"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "16e5294be805d280b218bbff6dcefe6ff244671d03fd9263017d20305cd88e78789eedd800b966803c6e2d548502f4e233fa3391a7248221ef02c3295bddd6c7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "231b92d1-01b3-4b50-86c6-bc9a7076ddc7"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "98304:lMqzx/c2OP+7c2kgfGWmWngXg6ut3t3t+6Xn6Xn6XUgXpMSM3MqgXZgX4/45Sanj:lNco7cW/VyIBhT3ZMh",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "13cf128d-18f5-4d8e-b1c3-3b3dea2cfb80"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--1cf9ac2d-93cb-4e8f-941e-e69e89f8e248",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": "__libc_freeres_fn",
|
||
|
"category": "Other",
|
||
|
"uuid": "62ee7da0-273e-4bf3-ae5a-4838695343d8"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "50cffdbc-e23e-4f21-b92d-5405674347a8"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "41f2ff5e-5063-412c-8cbc-6f1d6c412c30"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "fab5619d-1424-43cf-af2f-9883ac2b033a"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "10572",
|
||
|
"category": "Other",
|
||
|
"uuid": "9294992c-37a7-4906-8077-ac42b7f08f35"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "6.1170663590378",
|
||
|
"category": "Other",
|
||
|
"uuid": "63d15489-b1ef-4f0f-a637-24afe5eb51bd"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "19624d21557c0236fbdc6ad14bdc014e",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "6a8793ee-2974-40d3-8eec-79fd4ceccbc2"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "2150e7cae7268b7dc72e9c1640df779f21016dbd",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "bfc123d9-aba9-466e-aa23-3fadcc3d5255"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "91a729ee112e98c3331710d6b908f3ea410e42a3042fe1514d5407a26b362278",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "59c3e83c-220f-4699-8ddc-4f4d20314dde"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "0c7f0252f23b18d66bdf5edc28914ebe5c4d11186017d3a40d0e9472e71fc2e006b0111b9479359982f5fa4dc74576deeb5a64356f73c0470304d7c5d308a907",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "d93b5279-ab34-48a7-bb6c-a6f5d41d3b47"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "192:l57nLS7miKlmqbWRllQnuH7KQDy814Ej2EOlqOfwfiJmCZWii5ujaV8:L7nLS7miKlmqO0G7BdjJ6J7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1ecc890e-bf9a-4dc3-a83f-ebf9e8d1386e"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--62b00107-a884-40f8-ae40-b61004666ca3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": "__libc_thread_freeres_fn",
|
||
|
"category": "Other",
|
||
|
"uuid": "385828fd-7b44-499f-ad85-134694097eb7"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "6b9b6844-1373-45c5-90c2-b1efd92625e1"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "2c28406c-b30d-4e41-90c9-61bda20c450b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "465831c5-af97-4049-887e-b91ed702421c"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "481",
|
||
|
"category": "Other",
|
||
|
"uuid": "308aa9bb-ad74-4474-b2cf-3afa34660d90"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.7994373207879",
|
||
|
"category": "Other",
|
||
|
"uuid": "90a4bdd4-46ca-4b15-bc61-2996320cd735"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "2dff6b15ddaf66773b78b7e14038d211",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "2c9c57a7-9f49-4bfa-af53-b444d580d861"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "3475678f7121d7d85a6a9035b00c067b2bd5af5a",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b8d2a035-bdad-4aa5-a5e3-632a647cd969"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "f22bd568e7edf04b54e0db6b1961254f059c7fd179538da217b0e5e91e5a08b0",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9aaa4825-6e1b-48ec-a967-da4ae8bf33af"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "a72cbc98b113cb259a4027528f468c8af260fd83925ed564390af445a0bd06f0b6dc58579bb6a77601bebdfed419f7bbe4ba696e88fe6c612767bb41fc9aaa19",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "7bc5d2fe-2f4e-47ca-82a9-76b8b92d4449"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "12:VbA+4RK7EWFQv5P7Nay31pMy3m3DSLzftoM1B:V8+cKTi0W1eyWTmzftoM1B",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "fc41b20a-6e23-43ad-9ebb-e390363a4936"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--17f77158-0735-4093-8b9c-d738db162699",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".fini",
|
||
|
"category": "Other",
|
||
|
"uuid": "ba5211e7-346f-483b-a5a4-3505937a87ab"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "704c1912-de4c-42c3-8354-56a6759d9de4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "098ad264-0b02-47ac-be0f-c929587d2e91"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "4967dc77-cf73-4d9b-90b5-6a68d8a19d5e"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "9",
|
||
|
"category": "Other",
|
||
|
"uuid": "cda9c447-0d8c-426d-ae71-0d2c1d0bd1d2"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "2.5032583347756",
|
||
|
"category": "Other",
|
||
|
"uuid": "16e50009-c96b-4b70-bd73-85f68883d96f"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "c0ebd410fb9cd5628270064c1ed937ed",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1476d125-1418-474f-948f-2d280fd23f18"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "fa7de3c1bbc31c0cfd7a16048b53b1bce8d2c590",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0dabd3cb-1e41-41ad-84f4-c7f981e57c6e"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "66e6f54550612182b4ad78f30b140dd08318b968db3878de2db65fef87dc04d7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f6fb775f-0f91-41b5-9e69-7ac8ec9b53ff"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "4852df44be27a842795bdc6d623c510b381f027399198ec6d481d90f29dbd6c5a3721460086e1080bb53b9fb5cf852e710f97f1dd4912ad61711150979c9e715",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "06eb416b-3d43-44bb-a1d9-a0c3e3f059bc"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:4Ui:ji",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "3094e59b-e540-476d-8d02-950710567e6a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--77716830-69b3-4078-907d-a86ff72eada2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".rodata",
|
||
|
"category": "Other",
|
||
|
"uuid": "e7bcabae-ff15-43d9-92fe-f60a4d39c131"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "4d94e1fe-dc4c-4077-ac81-e9242eca9c05"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "855f0c4d-1e24-4514-9f12-8ad11b2d967e"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "670352",
|
||
|
"category": "Other",
|
||
|
"uuid": "25e9abee-b290-4c2e-af5d-d0c8162860e5"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "6.4052123470059",
|
||
|
"category": "Other",
|
||
|
"uuid": "8a317da4-6474-45da-98cc-270aef19074a"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "cd775d3116c23321a8cd3ceaa9e965c3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "5085cfcf-1ea6-41d7-9ad7-df61b8fe5254"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "c7316c92f57b5baad7f4422b83c6e6e720d1d4d6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "88de6759-7003-4182-a456-fd23b7e59fcf"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "9977648286246098624bb8ae19ad020ac5cc30104843a738d3c4426698af2a92",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b60257f7-073d-49c6-906f-95628ea77455"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "fd9b3838a58451d0a6031b5256a2190f702eefa7821ffd4b6329be49ef57f981aa82615a477136e2bd8d27031918e00b902310e6bd0646f25d4b9d7c247a9b5c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9c503503-b361-4d7a-aa96-f6c8c985a0d7"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "12288:QtzDQ2qqFJfYcZHvnA8vtKJfYcdUTxb4bGVUejirVFU3kJ46/bU5YrynhvPB:8fEPcZPnxjc+T8rV23OAf",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8f760cab-1728-4706-b53f-456594606981"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--387ad845-011a-4be6-8fe4-869f04b7bd4c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-14T09:06:24.000Z",
|
||
|
"modified": "2022-09-14T09:06:24.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".stapsdt.base",
|
||
|
"category": "Other",
|
||
|
"uuid": "ef63ee57-43b1-40de-b703-a05ae28ec969"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "539cae70-eab8-4d73-b6aa-92ffd9254bd5"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "5274798b-a794-4e80-85d8-3a386982def1"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "1",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c916a71-c2af-4065-9711-24e9f33cd319"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "93b885adfe0da089cdf634904fd59f71",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "6d07d893-cd33-452f-8777-66b79aec1eb2"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "5ba93c9db0cff93f52b521d7420e43f6eda2784f",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "71af2a0a-42a8-49e7-96e3-def9153fc8f7"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "35de68cd-e191-4595-a6dd-31350cb75166"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "c884f215-f769-4278-898d-1d62d57886b1"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3::",
|
||
|
"category": "Payload delivery",
|
||
|
"uuid": "d0d58326-657e-4a7f-b60c-e7589c4629a2"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--82994316-c33d-4f20-b1cb-43ebcfccfacf",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:51.000Z",
|
||
|
"modified": "2022-09-12T14:41:51.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": "__libc_subfreeres",
|
||
|
"category": "Other",
|
||
|
"uuid": "17ff4837-6778-4ceb-a636-e6c54426bcc3"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "55fe27b0-5340-473c-b6a4-2d0f0efe5c8d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "65179f71-4b1d-4df1-9db1-240d30db12b7"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "160",
|
||
|
"category": "Other",
|
||
|
"uuid": "ed118fbb-e38a-4f35-ac8c-ef6530e5f6f4"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "2.3520369438738",
|
||
|
"category": "Other",
|
||
|
"uuid": "16779837-4194-455f-ac80-bcb769ba0005"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "44d1d58be39708e7061343e8d9362e32",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "873dfa30-cfd6-4668-a550-ba0c5864bc4b"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "6626efb8bb81abf1562e8241803001b2b6c3d76c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "aa8a1b63-5f9d-4321-bac4-4dc183af361b"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "3af0d0880996d41c12b464ff9d4d584117d5a92eb7e3bda93aa5ac6afe24c2e8",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "e5ac5ea6-d57a-411a-b864-d2c15c369326"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "f28d19e31389d1aac167aa2962bfa47f6099f96565c049ef6c842236ff122f4df92c08effeb9edf68ee08a3281dae92d22d27280ee30d4c72b8e10639ffbe5d6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "257d9321-9ce2-40d8-819c-0280791e5a6a"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:9lllbOlCtsx2lC3Q//g//wXc6/lXlNtllttllulZ//:uCqEcZt7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "144ba2bc-7cc3-43f5-b2b6-7dbfc1288579"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a3fd4ad8-adc2-409c-b333-db24c1d505b2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:52.000Z",
|
||
|
"modified": "2022-09-12T14:41:52.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": "__libc_atexit",
|
||
|
"category": "Other",
|
||
|
"uuid": "e93e9393-7d65-428a-921c-4088384dc2a9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "b32e9827-243b-4b32-86d0-802491bcaa0e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "be36adc0-4536-4d69-b4cc-bfeadf3a56cb"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "8",
|
||
|
"category": "Other",
|
||
|
"uuid": "582c1940-7975-43cd-b88f-d15edb2728c6"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "1.5487949406954",
|
||
|
"category": "Other",
|
||
|
"uuid": "2a39b2a6-2023-4e2b-85d9-d8ccf73fb00f"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "914507733b69f26db4f60eeae575ef21",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8c20dea4-0ceb-40f7-8270-867ae3ae508d"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "d42892e1aa2f1c0b8056604c41749f393759e763",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "331a33c1-aaad-43c0-b644-0aaf170748f9"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "635fd7f01ed13250939e95911cc987d4f2fbcbad47d864881a2e5cfe1a5c9fd9",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "25cc0fdb-cf83-44fa-bd41-02c9a6ea1d43"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "90ee4764b435d853e705eadc249eed88209e7778adf86b3ac359cf75a689a84fedbb80ff15d008c55782ea8f106d18cb4081280fa4d93fc745357ae7dad84632",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1fbc52db-31b0-4037-a181-22cecc7e3b80"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:Mlll/n:M/t",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "65320e9c-1d1e-45b7-a33f-9daeb1523464"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a20f6096-5314-4218-83a0-38e46724cef6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:52.000Z",
|
||
|
"modified": "2022-09-12T14:41:52.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": "__libc_thread_subfreeres",
|
||
|
"category": "Other",
|
||
|
"uuid": "fb26c50f-797f-4b90-b7bb-ef8f349ca991"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "171b834f-19e3-4dbb-b566-621e554ebd88"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "a813f78f-4d03-4798-9833-69d13bb36e6a"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "16",
|
||
|
"category": "Other",
|
||
|
"uuid": "3ca40ede-728e-4be0-970f-fac02330a133"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "1.7987949406954",
|
||
|
"category": "Other",
|
||
|
"uuid": "1d93820a-2484-4fd5-bb03-361241214915"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "9f28d6e24ac3c236ce526343d6b89725",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "eb9ce0ee-2d59-4a56-8c80-666dfafec1e5"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "5f4c011f6555895a99969d46a900774e38639697",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "3f3e8c7d-68c5-4f08-a51c-b019e050f434"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "6365413a2a0210708a929ac8be67d3d00dcaff6ff9cabb42369396db50c33335",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1aa7c2fc-468e-4d6f-ac97-fb7da51be9e6"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "8190cfc86663b0a827a7b221cf9646ed2556a7baa891c771a880d1233706fc5ccfdffe4cdd27dc68acfb161d9622b2551a7ae0acda7a9563740e84acb54f20cc",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "4c217c85-dd1a-4049-a6df-4b904a459ba4"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:6llZ//:O7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f46bf489-4fd0-4e35-a799-9dede70439bc"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c2ab6b17-9938-4977-8d55-a2618dadb2e2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:52.000Z",
|
||
|
"modified": "2022-09-12T14:41:52.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".eh_frame",
|
||
|
"category": "Other",
|
||
|
"uuid": "57fbe3c4-66e0-4c09-93d5-aeb37a3b530e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "ab98758b-f1ec-4be3-a7ac-ad6335e5069a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "d2324b67-b3d3-4216-8817-7694a80ffccb"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "435308",
|
||
|
"category": "Other",
|
||
|
"uuid": "de573d93-c750-4820-b8c9-e7536790d039"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.1717032646315",
|
||
|
"category": "Other",
|
||
|
"uuid": "d388247f-7846-4830-95b8-fc69360ea16e"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "23d2e4b12403d10913149d0c29423993",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "11f8f3e5-b96a-42d9-80c6-93b8f3bc94bd"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "d8cecbab2355c5bc92b8fe2502791b8e152b4534",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8a5ef062-a8db-4867-9cfc-283f26fce9ba"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "281ca1bd3549af5e92585bdaa356184e62dac13073797321c4d004907ac0727e",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f5973c34-216e-4a85-9e1d-e9503aea24a3"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "556faa489660be762c1fcb8a3f69dd5cc429237a87f2954fdfe8b1bdb009376501cdbc51be1968766fe2471af4fc702cf26e75bd1b6a61cb48ec3f4b9f299194",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9c391f30-d8ff-4efe-bebc-94137f4976fe"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "6144:Q2J99aqApTHqKNqTVQyQNXIvM4jILifr0qjVOtDSwE:raRRNXIvM9LiT0s",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b1771596-ed91-473a-9f20-093581d52659"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--5bd40820-14d2-4783-b4f9-cf9fd0483b9b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:52.000Z",
|
||
|
"modified": "2022-09-12T14:41:52.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".gcc_except_table",
|
||
|
"category": "Other",
|
||
|
"uuid": "bb6928b7-61de-4d38-89dd-7f9cb2c0af7f"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "49427562-1b94-462d-9829-31a2606451df"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "70a5eb09-e6d3-403e-b8c6-65c92b4db350"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "38134",
|
||
|
"category": "Other",
|
||
|
"uuid": "62644002-619d-4361-bdae-203a52abb227"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.4414209378793",
|
||
|
"category": "Other",
|
||
|
"uuid": "09891c79-fad5-4235-b12c-f2c62c410405"
},
{
"type": "md5",
"object_relation": "md5",
"value": "9d5495e8824ee288fab3dce3f7597880",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d2162498-3f85-46d5-b478-e15245eb2471"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "9b85be3665fa29887c7fd7765488e8fe530a51b2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "510c9f2f-997c-48da-8998-fef199c85c9d"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "ddc5d78168a7d642475abffdfa22fb510d0bd5c05cdd502f222ffb21cece2a08",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c7b7346a-2c45-4d58-9884-895db738accb"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6b137e6d67546a081fd9fdb42d31245daec501a9101e8d9cfd89fc29fa6fd285ac3c07eda63853a33a235c9a2022feaaadfe9dd39d041a84515a846a883355dd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "39ebb6b7-a829-44c2-a392-d72abb0cdd8e"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:zGCIE8LtiYGe9f8LOwh/fiNlLx7R+gGyQMwVefDi3:zGu8LDGeiLOU/fiHFFu",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2c3151be-f05a-4560-9957-80ce56ae901d"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dd6b54d8-8ec9-42d3-99d4-6db1e3f8e8f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:52.000Z",
"modified": "2022-09-12T14:41:52.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".tdata",
"category": "Other",
"uuid": "79f832b3-20a9-4cf0-816e-50669141a238"
},
{
"type": "text",
"object_relation": "type",
"value": "PROGBITS",
"category": "Other",
"uuid": "504fe296-7d6b-43b7-98a3-5ef974b14e6d"
},
{
"type": "text",
"object_relation": "flag",
"value": "TLS",
"category": "Other",
"uuid": "1a4000cc-8d29-4f4a-ae39-60fba185a7c4"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "83e91bde-9c70-487b-9222-0a23ac0334ae"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "5693bf9b-ad28-4978-ac74-e03088e58aa4"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "112",
"category": "Other",
"uuid": "f368563a-90f9-4b01-9116-53a3a4546a7d"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.143538830137",
"category": "Other",
"uuid": "a997adb6-2c2a-4740-a27c-3e9621774e5c"
},
{
"type": "md5",
"object_relation": "md5",
"value": "077a80dd72ac37e9b9e54c85f9a16a6e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "72a45e16-8b51-4ac2-bef9-f90df65ffa5e"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "8f6b2e6a9b33244d583fb87e0043fc2e58cd76e4",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5b18b966-ed8d-4b41-9185-ecdade1b291d"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "a7f9d7e81f5fd6d33862616bc188e69aec30408ebac35bcf44db2ffe5887983a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "528a68df-7e04-4053-97b4-c050cb0bae3c"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6f68312ddee5a2b0bfd1d2761a04aa481d87902f50489606072082b3d255f5a900360b61b9c6ad62757e1446540023271fa104279b6b9c3c48cf4501652ea00e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f3617351-6c98-4423-a49f-ddeb3ac3e647"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:k/lFiWt3Wtv6Wt/ztlLJl/nztNDS/ltS/ltOll/l:k/XiP2/i/elX",
"category": "Payload delivery",
"to_ids": true,
"uuid": "325520a3-3ebf-499d-9425-4ea73143f0fc"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fea3f084-e86e-47f3-9f7b-a7aba74ccb3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:52.000Z",
"modified": "2022-09-12T14:41:52.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".tbss",
"category": "Other",
"uuid": "127730bc-4eee-4a4b-9b89-7f9078cf7c32"
},
{
"type": "text",
"object_relation": "type",
"value": "NOBITS",
"category": "Other",
"uuid": "33db414d-b3db-41ed-9fd7-266cdbf2532e"
},
{
"type": "text",
"object_relation": "flag",
"value": "TLS",
"category": "Other",
"uuid": "731d13db-59c1-4539-9fe2-d9739ece4f20"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "16e33d97-9094-48b7-81b7-a038b3debb16"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "3618e9e7-bb4e-41fd-a6f9-3a006d330700"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "88",
"category": "Other",
"uuid": "07ecf5be-a84b-4e2d-9e11-1cb2824c27b2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.2413172414472",
"category": "Other",
"uuid": "c2230b92-7e8c-48b0-809a-b2455cc18b38"
},
{
"type": "md5",
"object_relation": "md5",
"value": "b7d98e2bff1d0cabff1c12ea6f42c530",
"category": "Payload delivery",
"to_ids": true,
"uuid": "340e64e5-7d7f-45a8-917c-d6942cacf986"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "90772a68ebd602896292832af2eacb1a9eae7fb2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2bca9b8c-1103-459a-b713-845995299a79"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "6f673fab90741fcbfe19a6553bbe402d3479a71c550b4c762b0d0efd68ba5cb3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3b43a63e-1268-4b6b-9758-3f2355b1dbd0"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "e14b4ecbda2dfeeb65a9595f09b2ab67a82aaec1d7f715ce910c2de16d27ef8008038a61afc9b25a05255727ededd28bd8bcdadd459e1ba23334b577e733e430",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3fc2a0b2-f173-475e-b755-2913bc3c9f4c"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:xX1yPxllMlllNMPMllnMP3ll1fX1VlFf//n:um/c0/M1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "113f838b-1e7a-4cad-a077-19298e105b94"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0a72bfd3-3a03-425c-9da6-e5bf14a73b87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:52.000Z",
"modified": "2022-09-12T14:41:52.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".preinit_array",
"category": "Other",
"uuid": "e71a3dba-d236-44f3-85ee-3efecd2870cf"
},
{
"type": "text",
"object_relation": "type",
"value": "PREINIT_ARRAY",
"category": "Other",
"uuid": "9c3b6a48-75d5-43e1-b330-16c85f6c9c3f"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "55f933c9-de12-4f73-9df3-d930c9899fe7"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "ad789c2c-9e49-4f4f-bba5-bdb5be9d36ea"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8",
"category": "Other",
"uuid": "6589fffe-a438-45a6-945c-6a925d72b5d2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.5487949406954",
"category": "Other",
"uuid": "a0d7bc70-b1ae-450b-9056-f346142653d0"
},
{
"type": "md5",
"object_relation": "md5",
"value": "704c0956833842b61d2dd32e29e425ab",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5e48f7cc-5462-4164-86f1-7d9bd6502874"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "9bab30ca69f307cef2c2ce2cb4078a23c040a12f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d9ad84b0-95a3-4301-85f1-33e3bd58fd68"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "daffa496c8e073247a516be2b71e86bb88a524a8f2aac94830804dc66d123180",
"category": "Payload delivery",
"to_ids": true,
"uuid": "95f0900e-af53-4e31-80b7-86bf4ba3d72a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "1bfb54d0c6dec984aca99d68068b90981faa8cb0548a586ed565fb59b2337afb1095a69489fae133188e7ac30b4e68b03f7892b9e2af4bfba1afdbc2ac38dba8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "091b03ff-17a8-469a-8abe-9660cabcf592"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:xXn:B",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f750bf6b-3cc6-4ad7-b9a0-058614834cc2"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d56336e-f1af-4d1f-be74-4699c6d39eac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:52.000Z",
"modified": "2022-09-12T14:41:52.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".init_array",
"category": "Other",
"uuid": "44b422aa-94d1-48e2-b919-a67ba3867dfc"
},
{
"type": "text",
"object_relation": "type",
"value": "INIT_ARRAY",
"category": "Other",
"uuid": "bdd2d926-f88e-49e1-98e0-74dbb1c5736d"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "ba957ceb-3af6-4943-84d1-aba76a628a08"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "5a788840-c7e8-4d14-94fe-4b53068687cf"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "392",
"category": "Other",
"uuid": "f89406e6-7827-4549-aa68-72fdc62a0345"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.4922750210396",
"category": "Other",
"uuid": "af023a44-3a82-4f28-ae44-03d207a59976"
},
{
"type": "md5",
"object_relation": "md5",
"value": "026ad4569b5afa6dad1c43fcdd407433",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f1352658-b34b-44cf-8bb6-831fc9a12004"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "04ba46557cefa41c869df9b7eb477723a28c3abf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e0a4e473-ec56-40c6-90c0-b63d060eee82"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "b1150f2a61d3835e05f54f31628465cad22c9f174f56a1f79f64e1331d1b52a7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e5f65eb8-3b64-4734-b2ab-72e9cf2092e8"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b45a60933ea2ad065db22408e7f070f19fff5b53622bc9488700152c0fdfb0a4cc44fb361a0120c0500b43691e7a3bd99501fe8bfed5f899e1213df6acce7789",
"category": "Payload delivery",
"to_ids": true,
"uuid": "12fe5b3f-fb7b-4168-b9af-ef60c12b1c62"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:EPxllMlllNMPMllnMP3ll1fX1VlFf//lylX1WlWlDl1AXV5ll5l/9mtlPkttsVd7:Em/c0/M6RXctiyCVCS/ytIHP",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5b8e7370-7777-4467-87b9-59e600d1f31c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--98eaace2-d74a-43cf-a02a-a969867df3c1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:52.000Z",
"modified": "2022-09-12T14:41:52.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".fini_array",
"category": "Other",
"uuid": "fefb422e-1577-4ce7-8360-3b6c6ae56d87"
},
{
"type": "text",
"object_relation": "type",
"value": "FINI_ARRAY",
"category": "Other",
"uuid": "771e17ce-ada4-47b8-9cc5-7e6b115e7e13"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "f8afb6e5-cd0a-48ea-ab21-6982505ed319"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "b9567976-2b39-43b3-b656-d0ae7c214318"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "24",
"category": "Other",
"uuid": "b8e595c7-59e5-48b1-88ec-8c4ed31266f7"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.7264892117992",
"category": "Other",
"uuid": "920a3a8b-70a3-40f5-a147-f418d040ea9d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "61da51275742d0bcbe9d91d913b073c7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1b64f8f5-3723-4bc3-8a24-1d13491628d2"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "7fa699f97efc478c80b4ee3bf3985f45a47dd29e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c9f588a5-9176-4eb9-b75e-dfd67b1052e8"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "b3c5fac1a040b33d87a301390a59205b0aa98c1fdcc85cf6ad185e7df1a2e886",
"category": "Payload delivery",
"to_ids": true,
"uuid": "52aeb109-7f42-43f7-b6d4-96dc575adacf"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "5ed2d744a9a3200ee37850b71feda657c7aaa77f347c570fee3cb24eb256c0d2575ecaf1ac5bda9a872f1b789f11ec8d9d51d814d5f8040e1c588ab1d548d1b7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "90015775-7a22-4bda-aa92-e933a4ebce5a"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:clvxl1xlX:U1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0d4b8188-d288-4030-b22d-0ba424754508"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--08648093-7012-4d42-81d2-0902d0524679",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-14T09:05:59.000Z",
"modified": "2022-09-14T09:05:59.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".jcr",
"category": "Other",
"uuid": "5eab2e7a-3bb7-419d-82e3-390bad24c8fc"
},
{
"type": "text",
"object_relation": "type",
"value": "PROGBITS",
"category": "Other",
"uuid": "096b104d-334a-47ec-bf51-e62c387f6a88"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "b6922499-2a55-4ab5-83f6-6cefd00585dc"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "36bfb651-b48f-47fd-abfd-c0d08eb0fd81"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8",
"category": "Other",
"uuid": "08d3e66a-33b0-4b73-8d79-18d888b83554"
},
{
"type": "md5",
"object_relation": "md5",
"value": "7dea362b3fac8e00956a4952a3d4f474",
"category": "Payload delivery",
"uuid": "c5a32235-2076-4ad5-81c3-e8ac4d091532"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "05fe405753166f125559e7c9ac558654f107c7e9",
"category": "Payload delivery",
"uuid": "29f2ea9d-36da-4d3e-9230-c260c9e353da"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc",
"category": "Payload delivery",
"uuid": "7c3e7e82-d7e5-4f3a-9406-fd99b6a66aec"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b",
"category": "Payload delivery",
"uuid": "9961ca93-d615-4023-8fff-6c2b96f0c248"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3::",
"category": "Payload delivery",
"uuid": "f6ff4711-408c-4571-8268-2e622749d86c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bec89af8-5394-47fa-9672-9d179eaaedc4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:53.000Z",
"modified": "2022-09-12T14:41:53.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data.rel.ro",
"category": "Other",
"uuid": "2e59a359-f5d2-447c-ab95-a738e5ac345f"
},
{
"type": "text",
"object_relation": "type",
"value": "PROGBITS",
"category": "Other",
"uuid": "2de69177-e96b-41b4-af75-e1b35c1e62c6"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "37c626d9-69aa-4830-b91d-c6cc8ff3fe8b"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "adc13380-efe9-4d92-83bf-dc3acfe12cff"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "28028",
"category": "Other",
"uuid": "a745fa17-09d2-4e88-abe6-5a73a8cdf131"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.9447199515367",
"category": "Other",
"uuid": "2c01772e-f10a-4373-be46-0ece10d86b31"
},
{
"type": "md5",
"object_relation": "md5",
"value": "728b665f40993e4cbf9e2d8d760fc997",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b64a583f-6b13-4805-86f5-626f5570d008"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "90834fa08b3810067032dc0f1b329050fe9216d2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4862145f-b073-47d9-a40c-3f7fbfcb8b3f"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "302d93079e9d83bdf50ffae68b0e7d19e7b598c926eda0d162f73ec86282a4b6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "797c9515-06c7-4915-aef4-4aaec5098c8f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "48cdbb3fa4a5cf918c33baa8547b7302b3b1027f8776b5d6968dcd5e24ab98290bd4357646183c7984e305e17d710a8dbd67b0835d1e940f63a6b1a6d229e68f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "18bcdf9c-2b9b-4b1c-a256-d93507718202"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "384:Tw+k8M/4S/XFGW9bwoGenNJps2aBitX4HfqpTnqJ4HAA:TZBM/H9GW7JGrBitX4/qpTqJ4V",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a6af78c9-0248-4ef6-b34a-6b909b929323"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e9e76732-f3d5-489e-8bd2-d07d354d049f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:53.000Z",
"modified": "2022-09-12T14:41:53.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".got",
"category": "Other",
"uuid": "6133135b-eeef-4108-b0ef-6abce9f50407"
},
{
"type": "text",
"object_relation": "type",
"value": "PROGBITS",
"category": "Other",
"uuid": "57b83dd1-497f-457e-931d-d0dbb552937a"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "8944b93b-fe8b-44a4-928b-3144295ff485"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "6f73e113-47bf-4479-ab7b-a01b3dd19859"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "32",
"category": "Other",
"uuid": "9387090d-20cb-4c39-9904-d99772e5292e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.4987781244591",
"category": "Other",
"uuid": "05afed41-5595-4acd-89ca-1d9cf09b0a5a"
},
{
"type": "md5",
"object_relation": "md5",
"value": "86114f58203dfda877c48226482e52d1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "03e84819-4a11-443d-a477-65c37fa2f6e3"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "8bb53712224451861c446c7b612e08068dc95331",
"category": "Payload delivery",
"to_ids": true,
"uuid": "24fa1fd4-d7ef-4806-9596-2600eacc2b13"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "7e575d0fe6c94b6f8fb4ef950eadd1aca645cc2b9c61fe13d7d5d1dc84c92830",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5bc472f5-d3dc-4647-85c1-1ddfb207248e"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "e12e09918bb7ba749bb2a051d73fadc2cc4d95244ad5cee7fa584e182cc532ad9820bf003480e5134e0ecca015ca7ba8f7ba79cf3554b85975a17e71e02a3ecf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "90db0a58-cfd1-4bc0-ae42-3416153c1db0"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:qlq/Xl1n:qs/f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6dd7b7ff-7894-4e72-ba47-4400fc33561f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9e9dbee4-7953-4545-adf7-0004efc1961d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:53.000Z",
"modified": "2022-09-12T14:41:53.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".got.plt",
"category": "Other",
"uuid": "9f6fe914-20df-4b9f-b616-a110b3417273"
},
{
"type": "text",
"object_relation": "type",
"value": "PROGBITS",
"category": "Other",
"uuid": "a9222889-57ae-4437-a071-40b7b047d99c"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "3f100905-0adc-4d59-9f58-6a270b66ce45"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "9a96dc7d-0257-479f-9f8d-3630bc8cf880"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "192",
"category": "Other",
"uuid": "072fb76b-3acf-4c04-943e-d7e218f43a03"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.9668011370339",
"category": "Other",
"uuid": "e41735d8-50eb-4850-84c5-f2d776741a02"
},
{
"type": "md5",
"object_relation": "md5",
"value": "1ed0e4f186afcec666a90a6ac003b96d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "df365b6b-ec8f-44ba-b270-2d93cec3895e"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "a75951e3f666b49b51d9c541f0f3c193fa7f2c57",
"category": "Payload delivery",
"to_ids": true,
"uuid": "aaab637c-76cd-4d34-ab24-050d4a6162d9"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "efbda2d8d047cf2972615dd21b317b20e7cb4fa4a451bf51fc25f3d6e2e13b52",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4d1a8c4e-0948-4345-b005-bf895ba93a1d"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "9a1a7bb6be8d115fd59759d116db0ace02ff003d38e70d8a5a2c87f45b94932bc47c086c355ea80a0af0f91937cf9bf023c0dfeddb10ece9fc86617d130ecfa6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e31142db-f271-4a7a-8cae-026985bf11d5"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:alll5rBJ/lZzZrRJ/lpzJrhJ/l5z5rlLJtJzprl7JtZzZrlrg/lpgxgZg/ll:u/6aSal",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d8656898-1777-493f-9226-047122a37180"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cefde66-49fe-405b-b656-de6024c7e6fb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-09-12T14:41:53.000Z",
"modified": "2022-09-12T14:41:53.000Z",
"labels": [
"misp:name=\"elf-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "86938dbb-22bf-4661-9e3b-60497bc23fe0"
},
{
"type": "text",
"object_relation": "type",
"value": "PROGBITS",
"category": "Other",
"uuid": "15e09b05-e7a8-4b90-b7f0-219031b9f326"
},
{
"type": "text",
"object_relation": "flag",
"value": "WRITE",
"category": "Other",
"uuid": "e19bf5c5-8e5b-4c23-a105-007943ec2177"
},
{
"type": "text",
"object_relation": "flag",
"value": "ALLOC",
"category": "Other",
"uuid": "692ebc25-cac7-45b2-af62-98186812afe4"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "13992",
"category": "Other",
"uuid": "4821c500-6c41-4880-82b7-35c9794b3397"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.1765749005319",
"category": "Other",
"uuid": "64e9b38d-8168-48d5-8817-d3dd977a3518"
},
{
"type": "md5",
"object_relation": "md5",
"value": "829c8459ab04e0c727f9bc49953fb345",
"category": "Payload delivery",
"to_ids": true,
"uuid": "dba308f3-0ddc-4a6a-bac3-6bbb71afdb77"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "d276ed5f3632f946539a50bb3220ea0554fc3f0f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "934b91a3-c73b-418a-b9fb-5f48a12d5995"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "e5ee50932b7904a89bfc0835b3cdedfc4c73b0960d9f9b26983f15c808e2aee3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5106301a-7655-4c30-93fe-c250254b7498"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "5208fc6d2eec12b1f64a31bf3a16bd03d12cf687b6a498a051be0d016464d7a944c4079feadff03ad9f31fea709ebc0aa1c4095452837df60e4dd1cfb5ec98eb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7ee1d24e-24f4-443a-ac3d-9aafd26809e5"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:6X/rA512jODsOqgj6MpsuCeWKaIoooooooooooox:6j+12jOD1TzCekIoooooooooooox",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ef4083e4-51c5-4f54-ad32-99a1ef13f88c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--30791caf-9875-4da1-ac7e-f51a97da1ed0",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:53.000Z",
|
||
|
"modified": "2022-09-12T14:41:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".bss",
|
||
|
"category": "Other",
|
||
|
"uuid": "0fd22fb0-7a20-45d7-9255-5e6c73699557"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "270ee01d-1250-409d-bc4d-91fbdcac5ecc"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "dec99cc5-fec6-486e-81bc-097dc5096d31"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "e18fc959-9830-411a-ba42-7334a7e9ea6d"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "595568",
|
||
|
"category": "Other",
|
||
|
"uuid": "742ff729-9569-40a9-ad74-86c721d591e5"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "0.11387621555556",
|
||
|
"category": "Other",
|
||
|
"uuid": "7329f69b-2a74-4588-8b5b-896fb0af0952"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "c10ee105179455aeb7c34352a54ded29",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "ca40fa4b-4acc-47c2-82f2-b39b1dad8631"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "3fec147eac09a81d4bbdd11471d735c9676b8642",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a3b23964-600a-4e8f-8e13-bd851a0dd537"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "c2723c6cbc34ca2eaf5424018b5667568f9d699669983cd686fab3bc0f1bc2f1",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "452db4b6-8aa8-455b-9d96-f415c97e3fc5"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "f038e889f1c059dfc371105234fabf80e8b9689c529e574e36349f57f3cf19d1b538b56802720b7d6ec3b2f42879ace1921507498764559aa71f313596dc9269",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0e6403ab-b0af-457b-87c2-0d2fad8857c7"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "96:k+J8dyNJl8RuBth8FbNUjrkc1938SL/7MgSOsDEeh1Z5LIZZ:kw5Nr8R4r8FJAYc1aVE",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "181e07c1-844a-4a4e-84c0-579becae66a9"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c6546b6f-4721-4c71-9fe1-22353750a63c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:53.000Z",
|
||
|
"modified": "2022-09-12T14:41:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": "__libc_freeres_ptrs",
|
||
|
"category": "Other",
|
||
|
"uuid": "9fe38622-0d15-415e-adab-2c6f4bc56af2"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "871c020c-6360-4f33-bed6-d6b3f389ed95"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "3adfbc15-1e70-491d-a05b-562e6ebebdc5"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "ce88c8f2-39fc-44dd-9dc9-47dbdfa75daf"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "56",
|
||
|
"category": "Other",
|
||
|
"uuid": "b4acda50-4321-4b7d-9ecf-165c5a4376b6"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.1754963866066",
|
||
|
"category": "Other",
|
||
|
"uuid": "9ccf7b78-a174-48bb-a9f7-8325d081cafa"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "c9ccc8bbba4f478944f4e584f1896ac4",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "129d5ee4-3d2a-44cc-9da0-b874f61dbc2f"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "fb5f95f440fcbf34070b29e948cc47609bc991b3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "c79b5a9f-1352-4c91-846b-35bd54ddd4d1"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "e56a150f97d2817057ea47233324216ddcf92c6bd767240410635f55be029271",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0f775242-59ea-4dd9-9e22-46283ea4d10b"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "fef4d4b4ad7eabae152f2d49e19d610fc047e6090a987a5d8d3885318cb8350cb3d5f0203b7b763bea14e4c4e8241acd00a5d64305d03558b4e158f7c593467c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "25fe9bb5-fa9c-4302-8ea3-adcb0d5e247d"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:cfRQeI3k7SEenFX+tm/n:d5k2VFutW",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "29e4cb64-2e12-41e0-b936-58d311a0f731"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--6c5b84ab-b2e3-472d-9317-547fb1574f75",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:53.000Z",
|
||
|
"modified": "2022-09-12T14:41:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".comment",
|
||
|
"category": "Other",
|
||
|
"uuid": "9c8f7eba-ce25-4b86-b3ff-fb1e9633b21b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "b8f8e46c-c567-43ac-8d00-6075e751a392"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "MERGE",
|
||
|
"category": "Other",
|
||
|
"uuid": "ef74d44b-3d79-4200-ace5-cec0c37426ed"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "STRINGS",
|
||
|
"category": "Other",
|
||
|
"uuid": "1128d108-3fa6-4267-a550-a34036bb28d7"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "53",
|
||
|
"category": "Other",
|
||
|
"uuid": "1f8b1ef1-aa9f-4b65-a891-0ae40f463e7a"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.1546359642754",
|
||
|
"category": "Other",
|
||
|
"uuid": "35bdbf39-893b-4596-b954-b9046a2b80f3"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "639b1b0a43f34ed06028d6fd9214135a",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f34ad19f-9984-4d16-a296-dd63861f3147"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "5c60c17de4314c8b11b536f596a9b5846d5976cd",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0956d5e9-6740-49e0-9dfa-58b03766d7dd"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "7517fdd32e19a05cca1941acc3c9da844029fbababa7e8c169b191f42b3e1adb",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8a7715a3-5572-46bc-a8e2-8275d6dee2a0"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "7ca5ba6777f04a6b69ea2d09c9e17d8bfd91f53422952d40103d663a1476b699042c85df5163a1f24d18f44a40fa10646eacb89bd85c8375d9a369fc0325dcd0",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "ab49411c-a005-4ffc-96fa-7cc4abd581b6"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:cfRQeI3k7SEenFX+tC:d5k2VFutC",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b49bf466-810e-4a04-a85c-35e2af42f898"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--ad44aa8d-152c-4d6d-9b30-4328764b620f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:53.000Z",
|
||
|
"modified": "2022-09-12T14:41:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".note.stapsdt",
|
||
|
"category": "Other",
|
||
|
"uuid": "1142827a-29ff-44f7-9b14-ee1f005b83fb"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOTE",
|
||
|
"category": "Other",
|
||
|
"uuid": "f7cad017-3f96-4b71-b66a-5f8341ddc248"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "6620",
|
||
|
"category": "Other",
|
||
|
"uuid": "6d3e4c96-d365-4557-825a-817a6fe67281"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.2666004819114",
|
||
|
"category": "Other",
|
||
|
"uuid": "af1c3f5f-119c-4406-85f5-69bbee8543d1"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "26571dec7453a42e6019757720aad6ca",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "118f795b-d95a-4c6d-9d60-ed9d606cbced"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "e23b731b772080b05efef8d8f9b23dc375ca51d8",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a345b655-f4ff-4699-aeda-4125f8275645"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "9d3051df6878fdd7af9f28f51d564cb494a663970b8ef38c21a4ed6e02d00c8d",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b4a61def-d8f2-4979-a039-612fa6bb748a"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "a6fa3bb1f8b38f53d5af84a0482249d54d7deac31162a6099d573ef4824bc422c3766a876d7a3f159e720b246318678032586347a4c48c9ee4de91a607497f47",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "08622689-3a57-408a-ba5e-bdcde8f26974"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "48:CWm1tdECYs+B3Jl44WY+2dAwguBi4BKj4oXnvdb/xdkCBUTu8vElc3kifVDEa93V:d8dyNJl8RuBth8FbNUjrkc1938SL/7Me",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "183bb006-2c82-40c5-9362-4878c416f72f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--182c0855-8a58-47ab-bce0-b3ddfd1ade8c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".shstrtab",
|
||
|
"category": "Other",
|
||
|
"uuid": "5f0780d6-76b7-48cd-b89b-d760524486c2"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "STRTAB",
|
||
|
"category": "Other",
|
||
|
"uuid": "feb99a0d-a52f-4158-8673-7855b474667a"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "360",
|
||
|
"category": "Other",
|
||
|
"uuid": "f35c41fa-9c53-4f0e-96ea-2d06010b9f44"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.2567105262291",
|
||
|
"category": "Other",
|
||
|
"uuid": "cc75db8e-3bc0-42ef-93d1-1103cca0fd9d"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "f0d3f8b2191465e4f25af68c538271dd",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "3703b908-bc0c-4371-8f4b-d991f01b3e5e"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "de3d842eadcfc3a30641bb8fb664982bf3121141",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "12bf8397-2290-40a4-8851-d4b7d3afa663"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "50a945820a97096dfc8b0ae4425e1eb9abf1fdbc0a0d3a90a8555b9c1f39129c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "5a098698-293f-4a91-a601-700d1c2b2787"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "b6d14c2691ff307f40be01e59dd3084e091563d472be952abec28284814ffa9eda252d0181997c92acfe7429a234a29c4fcfa2e65a6a0bfb91fa7af0b1c8f894",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0cc2e313-aa98-402c-9436-d55d9685972e"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "6:kurssa58xOLMO6izXJAxXMTFgvqPTSrR6XUifmjM+j2cN5JjalRAir7I0ij:frRxO4O6OexVvWTSwXdfm5LJWlRAir7O",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "80b4ea58-e927-4e09-8f92-685c876564af"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:55.000Z",
|
||
|
"modified": "2022-09-12T14:41:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "EXECUTABLE",
|
||
|
"category": "Other",
|
||
|
"uuid": "df4fb89b-5bb4-4ab9-8886-9e50ce1e64ee"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"value": "4211376",
|
||
|
"category": "Other",
|
||
|
"uuid": "d65a961c-cddc-4889-bd5e-483c86f9a67c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "arch",
|
||
|
"value": "x86_64",
|
||
|
"category": "Other",
|
||
|
"uuid": "7bc09858-5f51-4c8f-b400-9378c5041afd"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "os_abi",
|
||
|
"value": "LINUX",
|
||
|
"category": "Other",
|
||
|
"uuid": "645b7855-65bb-4420-ad27-c61582ed8e04"
|
||
|
},
|
||
|
{
|
||
|
"type": "counter",
|
||
|
"object_relation": "number-sections",
|
||
|
"value": "32",
|
||
|
"category": "Other",
|
||
|
"uuid": "2b30fa59-2763-47e6-831e-343de9414b54"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--aef7ae69-d72e-4380-be6d-e90aab5dbd4c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:41:55.000Z",
|
||
|
"modified": "2022-09-12T14:41:55.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '27c44dd2edc626df03504ce129f5c021' AND file:hashes.SHA1 = '72097d4e8145f4b341c7d8df9754c33cee90edd5' AND file:hashes.SHA256 = 'aaa4aaa14e351350fccbda72d442995a65bd1bb8281d97d1153401e31365a3e9' AND file:hashes.SHA512 = '38dbddc6d7e3e258781c0b88d580c4c3908edf155ada348d2f6b1ad161038bcb403ad3aa5918ab0f0c1615df603de1bdc8b264357029fe1703087fd9c1888b2e' AND file:hashes.SSDEEP = '98304:4Mqzx/c2OP+7c2kgfGWmWngXg6ut3t3t+6Xn6Xn6XUgXpMSM3MqgXZgX4/45Sanb:4Nco7cW/VyIBhT3ZMRM' AND file:name = 'hezb' AND file:size = '5835496' AND (file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T14:41:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8847fb72-8125-4aaa-abd0-4166578e03ac",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:42:59.000Z",
|
||
|
"modified": "2022-09-12T14:42:59.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NULL",
|
||
|
"category": "Other",
|
||
|
"uuid": "cf2c4413-4e97-4e40-93b2-df6fe65a0d2d"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "0",
|
||
|
"category": "Other",
|
||
|
"uuid": "3d1f6151-a2c2-4bb2-8db8-3a65159cffc8"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--78163fa7-83f0-47b3-a928-07c7c9ba6129",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".text",
|
||
|
"category": "Other",
|
||
|
"uuid": "f5a01a3d-a9ac-4433-8040-15e580a83dfb"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "dd79974d-cc42-4869-8688-16de4efc9c33"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "26ed31ec-6fda-497d-9025-e7e89d330c37"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "EXECINSTR",
|
||
|
"category": "Other",
|
||
|
"uuid": "0af27d73-625a-4696-b783-bfad7b14f033"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "749268",
|
||
|
"category": "Other",
|
||
|
"uuid": "a1e84aa7-d8e1-46c4-b688-127e2947306e"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.9127796510382",
|
||
|
"category": "Other",
|
||
|
"uuid": "103a2716-9f7a-4d61-8f27-45bbd426ada1"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "16d80566cc0b732c67f8991d6e08a0f3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b784b83c-c6de-41a9-b47e-a277ac15c9da"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "2a9918e56992dfbc1bc540f6a23c00cf758c0adc",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a88fe9fe-92e9-4a92-a2ae-ba500a93e165"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "7212e01c3c5ce3b1c4217553a8eca63f11911b461ba3998307384db7ea98a348",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "be0d3646-b05d-474b-8e96-ccd46d10d60c"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "d24e9be4b452daaab268df48a3081c885e44a5086a06286969127dd1195943e86edca8bb470f8f9e76cf5fac799201c96babb4865135452566026782f5f31d46",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "c42d06b3-e290-4c8b-bf42-f107f3987895"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "12288:IK9Om41rhGBqGUYCC+R1DX0RTE8IZSw5Cb:I2HqrhGNtI14z",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "c169d15d-5cbb-4675-9fa7-2e7745c7bd6d"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--35c65cc6-6518-4cde-a4b6-cec38544378e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".rodata",
|
||
|
"category": "Other",
|
||
|
"uuid": "507d7785-e019-41fd-acdf-486d6e457efb"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "1ef30ad2-6b66-458b-a0da-ae5b2e14e6ea"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "a257c8c1-45cf-4df4-8f7d-6b99889bc883"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "317131",
|
||
|
"category": "Other",
|
||
|
"uuid": "fdea0e2e-98c9-4fb5-9427-d01c4d3df161"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.2852611646606",
|
||
|
"category": "Other",
|
||
|
"uuid": "d59f0697-b06a-42bb-8c30-6ed168f616ea"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "52843e03dfdbca04ac7509fc84567a22",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "d1212a55-1fd8-4e23-b57f-ee0f4a810c24"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "cabeb378c0445f3307cc9bf0724306477a7b586c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "465b2e85-c152-46cf-91ee-2bbec0c572d2"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "732a43b53e8f18d3c1d861772fb18186bbd9fc59cf6760e0fc47dc60f95f6abe",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a0fb3383-6e51-4679-91e4-31a49f423378"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "596ee81c3d8dfce4d42d25b7c12af72c31faff9ff24d5530a236a0b53f768904cb93d9b297a4e27521cb2049093149696e57f5745f2c2af29b0500914b39f925",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "71f5c407-1861-404a-ae3a-fbc914212a5f"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3072:jRv/sTcZ5ZL9OFQxJtduZoGwFl3IdFQ9KbEvCZorCR+ExL25Nh1nN353aTAbY7iS:jRhZ3L4OGZmK3gCZorSdo1N30T9O1WV",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "73746d2e-2c04-4327-95b5-1f84de3a937a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--31a3875d-3d00-470d-9eab-e935795182ae",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".shstrtab",
|
||
|
"category": "Other",
|
||
|
"uuid": "950d10a6-2144-4c71-b8ae-388850e9fb34"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "STRTAB",
|
||
|
"category": "Other",
|
||
|
"uuid": "81bfcda8-f3fa-4ee0-acf2-28e19993fd49"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "444",
|
||
|
"category": "Other",
|
||
|
"uuid": "9210ea89-c8e2-4beb-89f0-8034e819082c"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.3279187743652",
|
||
|
"category": "Other",
|
||
|
"uuid": "e76325d3-732b-4eb0-a11e-7f9905ce1f8b"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "b54ea68118ef1810849f71bca38b3c52",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8f44f81b-dcda-42ca-a747-64884916eb0c"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "7387e9da32437119b7796208d36f9166529b4f7f",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "78007bbc-a73e-492f-b6cb-d05c1eea97a0"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "75e031892e7562458daa4a19e18463410b85164c7d72e4b8af239378ebf95e63",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f981906b-ea3a-4577-ba5c-0780ad6d447c"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "c8b028a425bb91d1660bd8830737cad54f33902b00f02396c9b17d59a13e096019eb7075307ba62ee652adf047ac18d3bd47b91a55faf68d12072a9b36c97d13",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "7495fc65-d243-479b-923f-0ccbcda02aad"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "12:kCDOiHQ3YdwNfHTCyZLnBHQwY5XFNBxhN90N9mpzbpzzUotUoVQ2zQl:kCq2Ess5bBwwY5XzBxh4Oa0UCz6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "2c97c21b-d98a-44f2-b28b-694978a08d07"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--00e353d5-9326-4c8d-9a60-5c8238e4aca3",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".typelink",
|
||
|
"category": "Other",
|
||
|
"uuid": "081263ec-324b-411a-b65c-61bd0ffbbc9e"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "382cc8ab-2af9-428f-9d10-a9a5df4d5980"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "78444cb8-9295-447a-a316-bf87c40ca116"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "2136",
|
||
|
"category": "Other",
|
||
|
"uuid": "3afb4dcb-a6e5-4e04-b99a-80e434fd6306"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.0805776726235",
|
||
|
"category": "Other",
|
||
|
"uuid": "e76491b5-9f6f-4983-bf54-d908af00101c"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "758ae8703867071db7103a901d64600e",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "46448dc1-bcd3-40bd-9d4d-81fbf21a6f42"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "ef8bee9610de55d4559d746294b14afcb7304461",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "50170852-1010-4d18-8614-2ee5e248ca62"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "19fecee520cda38081401730ebbffaca7b4b8ba7ca7d69d82c73fabdc1080953",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "cbe1a969-c148-4a82-8672-dca8215f0249"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "159f85c9e846dfc92cd6e775af7f0b582f1874536a3316397f72aafc4c4e196d5d26d056ff5561474a26093dff90c48563dad9ed549202cde530126caa1d6d8c",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "de6887a6-1880-4f9e-92f0-b1c21be157ee"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "48:UqzD/AhperGGbFW1cq0Lvpd9t70lBNzgDCi8Oh:UiD4hpum0rpd9OVgQOh",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "04903b9d-987f-4ecb-a0fb-d04f8cd19fc6"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d38ccd29-55c6-4b3b-bd60-2dbab2f8297f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".itablink",
|
||
|
"category": "Other",
|
||
|
"uuid": "e85c2965-1ef0-416e-8a6a-b5bbc170ccd3"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "ea9cce9b-6d45-450a-9b1a-9d85f6d3fa45"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "67231822-3f5f-45a4-8037-9b3f1b658610"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "176",
|
||
|
"category": "Other",
|
||
|
"uuid": "0254860a-2843-4920-b653-ebc0fec35d67"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "2.1238601874245",
|
||
|
"category": "Other",
|
||
|
"uuid": "72bfb3b0-615b-4379-9fcf-99395090bb98"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "b7b35447d3f8daa6731c975d79b1a11a",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0745651b-cf15-4767-9e8d-39f94384d937"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "3007ad0dbb498e2df6fc0e4ef524e3d893a5eaa7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "d01942fd-4b52-420e-b8f0-0a609c79a8a0"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "bc32a29052636682d9d34caf93fdc0f3dc779cc056e269cde5f6f171b6083f98",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "14aba74f-8800-4f45-98ba-51b4e97d9523"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "d27e2c0964fbbad2186f6bfa1de408e27e3f28229a0096cf244279a1e0832f4eeba7ae63edba9f150dcf5b6319bb58e49f62cebfd63d8c6113c1a9944fb4ce97",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "3a8314ae-6fc1-4d16-8bd8-f6277d7473d1"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:N0tzltSltu2/lq/mtX/l0tglVtrl/ol/lltBlllrx:a+Xdq/iX/CDXB",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "fa1ecbdc-1488-497f-9b76-f76e3bc43561"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--e7545497-50cc-4820-bf57-e33b3801fa54",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".gosymtab",
|
||
|
"category": "Other",
|
||
|
"uuid": "d7e67c72-f962-492a-87d4-a5d973519721"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "f6cfb574-b70b-475a-a53a-03cca64e0429"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "80681a9a-99aa-4c6e-82db-a042a502a8f0"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "0",
|
||
|
"category": "Other",
|
||
|
"uuid": "79450f4c-c645-4e0e-9c4f-e2bc1cb7a046"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--4895ca7f-421c-4989-a3f9-b5b742ec3d41",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".gopclntab",
|
||
|
"category": "Other",
|
||
|
"uuid": "ffe3b180-69ad-4e24-9618-8bbf1c5ddec4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "7bc9b695-91b0-4b15-a569-1ee595aa04c4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "93914eb3-66d3-4763-98f9-dc2d85667ac4"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "451598",
|
||
|
"category": "Other",
|
||
|
"uuid": "9e19c1c3-ef12-4139-b27c-48ada38d33bc"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.586821190756",
|
||
|
"category": "Other",
|
||
|
"uuid": "9d624582-812d-4fb7-9c3a-7a6ba8f226ae"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "f6b03c675ff8fb7ddd0d148aa83939da",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "de677d18-e2b2-44bd-8107-bb393d23e4f3"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "4e9028ad8e77fe8464dfd886e9c47d0e0e6784f3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "40cef877-c03e-439c-a2a7-7885a5021151"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "9aca37f7c9c24d35c68720106ec1593a1593044d608445a09e73fe8637581ac9",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b69d77ee-b63a-4cf9-9765-0c75bcf3a2d8"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "451218bacdf9b269caa25973906c25db6ccffeda0578c3369d62733a023f27d6ca862ef2fb3634ea53d81033fb53ef729520be726f24390426c26298543a6a4e",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "bbe34a37-b795-42ec-bc29-0342dcacd701"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "6144:W8ZpsRCLMOVovlH42WphZ636ABbu5rTAJtbcdvM7fDFcfeq0tRzmrihoJvo:Bhm0ZOhB6r0JtbdbFcfeq0tRzmRg",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "4e841531-b686-47e7-a190-43724070d2bc"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--ab8360ad-eba5-4e63-9bb4-e3c4a277065b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".go.buildinfo",
|
||
|
"category": "Other",
|
||
|
"uuid": "5b21ff93-e35f-4965-9cbc-37a1c3ed6d33"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "c49f6637-5391-4f95-87cf-c71008413bd2"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "c5eba209-d9e9-4363-a75e-728b319852e9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "99f10706-5282-4ae3-91cf-60bf43f8dfc9"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "32",
|
||
|
"category": "Other",
|
||
|
"uuid": "d59852a7-d910-4373-81b2-4ac0b880838a"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "3.5372301466508",
|
||
|
"category": "Other",
|
||
|
"uuid": "c20211d2-b33e-4cfd-b5e9-8fa9a948513b"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "8d14486e21ab3ac6bccdd56c76c0dad6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "36df18ef-d86b-4c9b-8610-d94998f92818"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "132606cbef891b396b8713d910ad2e07c9703aed",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f2b6a539-4c95-4365-ba7b-ec9d0027fcb8"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "e07ecb7bb7aa2f2f88ca4b8386b910784a87f7b3373ec7c53d3ac2a2373f12a6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1f6e47c1-1428-42de-af76-4034927ed154"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "8ea074902ff4664cfb23942b089d132f6ae7e6b085f21e9be45862f892217ff1a3af931847aa04c64f8bee92d37a5fe9bc94ec30b1749ef91feb47828c5b1972",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8565655f-fcf2-4464-9643-100f0ddd68c5"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:OTQMPKjHt/g/lln:O9Pael",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "d407612b-6408-43d8-93d8-94fa26dfc0b9"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f3c99379-9e7f-410f-a8bb-2c16f31ca224",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".noptrdata",
|
||
|
"category": "Other",
|
||
|
"uuid": "741da76c-08df-41c4-9c45-fb9f9c04e5ea"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "bbbc2028-c77b-4f00-9be7-5a1ecd157b2b"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "ee446ad6-b480-4ff8-87b7-d18a44d5a81a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "8a6a76c5-a903-40c1-8e44-75d63fd5a0cb"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "65540",
|
||
|
"category": "Other",
|
||
|
"uuid": "80ce796b-2958-4822-a957-38e5b5052b53"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.7625341467804",
|
||
|
"category": "Other",
|
||
|
"uuid": "62126851-c8d1-46d3-bd7c-5834b6a23d8b"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "f8f3a8535bbd53eb067b6c04018a60e4",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "30ceca4f-83a1-4839-9394-07931b48a24e"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "4e0d594120fc872f819b2ea915e5a9ac67d64dde",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "bdee6051-016e-451c-b6c5-8b39714acb19"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "f477aa90f203c4bee34353c5bdac95d54299d3f242bebad87fa8e753618cf4e1",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "72564c3c-5280-4e72-82e1-830d78c40f52"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "194de170ed39ad9f0d229234b65b6295b95c6cd05cb7847f7ed9b40b3efcd5e86c158459e844fbe9bdb26e78aa33b310f334182c9c637c84cd8dbd06217d5482",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b0042436-4126-4df9-8910-349f7d58713b"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "1536:oXEGnGbKqlt/CX9m13V5H1PLjrp5Eqn6CoRw7f/hZJH9Ijt/W:U4ZEX9m13V91P/rpiw7H7tGt/W",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "4902d58e-f179-4e31-a73c-d932ca6e763b"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--4d143e2d-2ae6-4075-929c-55b703a3dc8b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".data",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c3eb1b9-89e1-4a08-9ab7-1d017f8a8a57"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "340a2d0b-9ae2-4452-b4be-688e03c0eeb5"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "80593d44-1548-4e7e-a2f0-f9a292efcdbc"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "673d5b9d-32e1-4b9c-b8bb-0299eb43bf14"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "30896",
|
||
|
"category": "Other",
|
||
|
"uuid": "59723a26-c063-49fb-a8da-df40b1643b7b"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "1.5750713144548",
|
||
|
"category": "Other",
|
||
|
"uuid": "64788849-afda-4f7e-bb95-8009cba11664"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "fbd527d58844d859572fa7a41d4bd338",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0179cf04-6bfa-483d-8f6d-8c22301e6bfb"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "440a4b5a3e88c62ef40227b5b610810ee7cc49aa",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a23f225b-731a-4591-b6a4-59e11b0fde59"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "9ca124dfc3069fa123fb6b1273cff761f0bc4cdfcece3ac69e1d24e04ef9e469",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "31e53faf-ab14-43f2-821e-f955b7a89f66"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "26675735fee978602b61280e8e1dce2143af86cbd9c3b6f7b3874e5641f554ef2f082b4e8d050ffe6f7914f475a55babb58db63d2c0450ef7cf7ea8f41ae1635",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "235d9318-62dc-4fd3-a497-e7aee9a78e9a"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "384:j4ZxrJYF9OLjwg+pqYcnefLWgZPQjDnLu7rff:j4ZxrWF9eSpqYcnefLWgpQjDnLufX",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "867ba0e9-b58a-48f4-a343-35c386899b6e"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--fe14160c-ea48-40c3-863e-1c4642119e30",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:00.000Z",
|
||
|
"modified": "2022-09-12T14:43:00.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".bss",
|
||
|
"category": "Other",
|
||
|
"uuid": "e551ee62-f260-475a-aa51-a0136a43c510"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "e2bc138a-0933-4146-9555-2f370f0ddba4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "a4b271a2-0307-4e03-82c7-bb5e7406869a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "a5be8953-0242-4b91-a12e-5a8dd0d7bc4b"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "196976",
|
||
|
"category": "Other",
|
||
|
"uuid": "066197f2-635f-4940-9e54-c2b3947fd4b7"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9862676075939",
|
||
|
"category": "Other",
|
||
|
"uuid": "478bd1e4-0a45-4032-83a4-e0985f529ce8"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "1e72b60b188fd71da4f2c8e0f18bf670",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "3a3771c6-75fe-445a-aefe-afc40a511611"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "396743fa398491f41a56d6683b61cb8867a1e90e",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9cdf4643-26b0-492a-a6e7-4e525ca3bc44"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "e56f0370029b1b59af855e25a7dcc83b878c1f8f00cfae9bbf3e5001c5baf84f",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "60892eb9-a2f2-45b2-bc84-a44c5f0046eb"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "ad16d4adec4a984dfffc478292b2abd3764a86de4ec0faeccd35b3761a4329555be64fdefbe8dce857b029579a6fcb467a2b17aa1c61163e6ccbc4d59cf547f0",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0718a3a8-7f5a-439e-b174-0a4d7a06ad4d"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3072:/ehLRAstrqN3WjKPnmf/kbWXNQ6304o55jgC8d6Wcr0hIHJ2Y4Mf/V/FcR:o18DM/kby04g5MrGIhIHIY4uV/FI",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "836bee43-be6f-4fb5-a6e8-a71c824b3b2a"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--643684a3-9c11-49b4-b15c-1cd11e5eee7d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".noptrbss",
|
||
|
"category": "Other",
|
||
|
"uuid": "f3df4751-2b47-4177-9b03-20361944e025"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "a64d0981-9d28-4b45-beac-902a154417af"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "WRITE",
|
||
|
"category": "Other",
|
||
|
"uuid": "5d11a589-55af-4bee-94bd-d765199618cc"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "9b01fd68-9d37-49ec-a136-8b7f04496691"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "10408",
|
||
|
"category": "Other",
|
||
|
"uuid": "8a4efe61-0e6e-47d7-8796-7127c2c7ddda"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9675310815552",
|
||
|
"category": "Other",
|
||
|
"uuid": "9a98314d-c392-43fe-a3b5-209a5e71b432"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "d2d82e03c5186a65ae3bb43c8ae8a619",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "6e95ab58-da0a-4a8c-a74d-8f06c75754b3"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "82c2847d560d10351ab086374874d6a36f87af35",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b72826d1-5615-4a0d-a353-4c08071af438"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "175da7b745af7a21325ac03e60e365540927c22e31395799115fc2c4b94c8c00",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "dbf96e6c-d9fa-4a02-beda-e0600f354550"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "bdcbe75628e035f8fae841d276d376b73425db71b7d0dfcad30bfc76fd7ecc88684acc8d8f987d74a792ed92eb1896e09501edd61c503ebb177b9f2837d28478",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "2c87745d-2e25-468d-9c5c-e9ae1a6adab6"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "192:BfXW/ZyG4omocJSLOEHJ2/rJU/66exuUrizcV8ie9+4nztrBOcX02MtjfJVd:BfW/ZKog0LOEHJMA6vxpb279+MztrUcG",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f5e05f36-1b10-4cb6-b083-62e32fab8c82"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--8392d8e8-a37f-43d4-a253-1866673d3a98",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_abbrev",
|
||
|
"category": "Other",
|
||
|
"uuid": "b813de63-fd47-4af5-98bb-3f1fd5e7a646"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "ea50a06a-df83-4e57-9f71-58a15100b65e"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "281",
|
||
|
"category": "Other",
|
||
|
"uuid": "ef48fe8e-6bcb-4247-9cd3-cfd856b7daf9"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.1866788789677",
|
||
|
"category": "Other",
|
||
|
"uuid": "b162e161-1c7d-49f4-9ed9-e9ceedc2f815"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "9bd3b96305b751c86ebbdfd452641496",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "97848376-44cb-46c5-a888-2d0997b268a0"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "9d0cc3318632be6538a5e131a9752fe1b79adf88",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "088cdcc3-35a0-4db1-b21d-3a24b7a54095"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "ef6e207963a71a4838872d87242b38e9e33ec0b9ea1167ca52a9df5ddec74a10",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "ccbd2601-34d9-423a-92a6-aa4738293f02"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "81a48bf4d20ef62436b54c11f320b0e72de55f5fb9e7937ffcd801300439f9b970b8ce743b3ee3abb80935bf2465e3be7831b13e08b90aecb74912d19fa41be2",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "dab5f265-20f7-4d8c-a33e-fe4d94b40a0c"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "6:6nSY0ju3f0Y8SEkW4zVxNjTN6YjQ+5XYaB/96MrzTt+N2Wl79:MKu3f0YDE5MfN6YbX3SMr/tuB",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "40c56562-1f97-4d5d-93e0-94c17404cc42"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--fc3db4a6-26cd-4f2a-a94b-12c4f3ac31e6",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_line",
|
||
|
"category": "Other",
|
||
|
"uuid": "0c6458b6-3d81-495c-8fe8-28bd37011a41"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "2c26d4f2-f0e1-4e52-bf46-0d52e86d596c"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "138758",
|
||
|
"category": "Other",
|
||
|
"uuid": "523705d4-4c49-4405-85f8-0f96b393e859"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.993945143022",
|
||
|
"category": "Other",
|
||
|
"uuid": "1baae12a-9b5b-477a-837a-9b4948865684"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "5b84c78f55959930d6311791dff2fbc5",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a915fa17-fd80-4677-8aee-7ffed0c1958c"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "fc8de210c4fa50d5004cf73027c64957ad336fb2",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "787e9a93-a593-4312-994d-15bc8bb7ff50"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "128ab148dc617ab6763aec9648ab60543351fcf5a96ab52572e07983f2409bef",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a6299ea9-637a-42ec-b379-24cfb6929603"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "fec3211ad10f035c6e49e21bc0226615afd4ee22e71921971aed135c9c7bfeb9afc080901ac76779c6e33920c176b2cb4fe101dd6413485ff6dc7b8e559e9338",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1abe9dec-ba31-466f-a357-084bf466707c"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3072:ZehLRAstrqN3WjKPnmf/kbWXNQ6304o55jgC8d6Wcr0g:e18DM/kby04g5MrGIg",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "39951132-a3a2-4615-95f8-157399e350ef"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d60e3399-e0df-4a6c-b190-20a8cc37235a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_frame",
|
||
|
"category": "Other",
|
||
|
"uuid": "b4ade713-6889-4bf4-9450-689c76559dbc"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "20e51d84-d6f1-46fa-8c5f-9185ced14912"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "29382",
|
||
|
"category": "Other",
|
||
|
"uuid": "75370675-bf42-4a44-ac66-d537b053a382"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9262900082231",
|
||
|
"category": "Other",
|
||
|
"uuid": "595d1be7-d2fc-44ab-8f81-5cbb25fcaf7b"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "46baf89350e8824ff8808fe6ad1d66db",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "eae061d8-cbc9-4f58-a06e-0dbd6f0c0c8a"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "b12d17d7b2d0cfc0ea9bcff6db2550024635baaf",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a9e56ac6-e9c0-462d-a9a3-0d5b6f9d45af"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "64897c2fc34df76c5616d9cd2abada9caba522d7b148d79ae4a23ffdeede50b0",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "92c83c66-5004-4350-9c98-05bcce5691b3"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "f68477cd2478b145d931af4ac15e0bea7dff2c1e4a4e6314a9f9e364ed206fbc7bea4720e477fa5bb2a61b30be8460370b51d8cc6de9354e762ddad812b525c8",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b874c212-734b-485e-b68f-04c71d46c6fc"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "768:l8RSKc64X/k1eu/4DGj+s2eMvgsSgsqLbSGhGlCQ:l8wRPFuADZbeMnRietQ",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "5280f828-fb6b-43d7-bcd3-763f8c5b12db"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--4e17149a-e3e6-4747-999c-d3271f4e9647",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_pubnames",
|
||
|
"category": "Other",
|
||
|
"uuid": "e11c3712-20f1-4f6f-b4ff-bb56f3f8eef3"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "f6077bd0-09de-445a-9f03-ccd29fb91f9e"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "5740",
|
||
|
"category": "Other",
|
||
|
"uuid": "8b4a354a-c45b-4c99-a296-8729a38dcd13"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9492071306249",
|
||
|
"category": "Other",
|
||
|
"uuid": "5c8a875f-b27c-48d6-8153-a2adefb950a6"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "5786b800030bc4b3e353ebfe6c6a3188",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1235155e-97c3-40a4-bbcc-e6d4c9f22d7e"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "3d269ce6e919fe167797cd441dba2fa295a0a034",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "279643e1-d949-4e3a-b801-5d5a8967d5b5"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "c4aba8e4af19573fdc585b1fd738ff0fe6fd1d2010f73f803d1eb6e6026f89f2",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "6b17cf98-0ff2-4607-9454-eeb61e07df03"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "26acee83d8ced09cc12b066e689d41403a4c51814a2053ddb92dbbcbbecbbe8df061194fd5533541af42808e2318460d3cb918ba2d643cdbdadf1c022c4d2d98",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "22cbd0e4-e4c4-4154-b443-0076daf94f8f"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "96:5HWybGdC4n5IoY7Dl8Vounx+B6BnDpQF00HYhVzOi07BIEL32NRKHSROd5JR:VvbGdC45s7phunMBxFaid7dCjKyIvJR",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b092df54-fdf2-48d3-bebd-8925cbff0584"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--77ab2c67-d278-498e-8072-8478dcf8ce7d",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_pubtypes",
|
||
|
"category": "Other",
|
||
|
"uuid": "3ff0ce33-1d19-4c04-97a7-d3246f4c47e7"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "77a53d13-36a0-4998-a244-effba78740a6"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "15210",
|
||
|
"category": "Other",
|
||
|
"uuid": "8e856a26-ce5c-4bf1-9d30-98d06b7847a9"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9803422878338",
|
||
|
"category": "Other",
|
||
|
"uuid": "bd66c99b-49f2-46e0-b3b9-14582b339a7d"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "95bc5ec366a932b841b5bdb1f4be02cc",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "16855e6a-a5bc-4765-afd5-76abc6f5bee9"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "75474c2bc59fd3c49198d5c1912899abaf076fc9",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "f9b92551-486b-4637-8cf3-b94145eb529f"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "f046ec59c5bf52e31319ae312cdf9af96d687880c451517ce016a67c24fbc2d3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "79c31f1c-eab5-4f0a-a963-758cb7d953b6"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "c7db07838e4c53d89b1dd374c7a5c4f95d795499502b9020f38f966821bb4a3901bdbbc7df60d2d86541f6e14e138de27e4dd5c92dba9bd30e6d0b277972720f",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "6babd50a-2895-4784-8249-a8dfb77bb2fd"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "384:sCN2IDg+xER999XWuRWa1S9EXakZKDKjTOKVy5iSmMovzNbwbtDAC5iCCUg:NNzg3Wa1mEqksQTO8SYNbwbtMC5PCN",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "1564f30a-2afa-4441-bd06-d60e35342131"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--4e112835-f8f5-4e54-980d-cea083e23eaf",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".debug_gdb_scripts",
|
||
|
"category": "Other",
|
||
|
"uuid": "9992fed5-e6d0-4e68-af40-56732f037a29"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "09772108-1a7e-441d-ae8b-32fae4ba45d5"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "44",
|
||
|
"category": "Other",
|
||
|
"uuid": "abe3fed3-7827-4168-94e5-ce44cbc56e14"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "4.2201287774332",
|
||
|
"category": "Other",
|
||
|
"uuid": "b4475b79-6186-4637-af5f-93abba0a80a8"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "6f6d95a4c12c7805b3124c16c228db85",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "7619101a-67bc-4144-bf98-192e7eef8763"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "b7fc517100b7584589b7ca9dd93deb5a9a5442c7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9d6c4c1b-0ce5-469b-90fd-714544291c9a"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "559edef1eb0a98ef9e332e227436d743dbe24a5c84cdb7b83782573315ee42ac",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "8d20cada-1d28-4def-804a-1cd95a85d85c"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "a7c9ae31e35386890102bde433c8a469eec31b30609ef5fbdf282f5d7801fdbd335cc26cdadbf918cbbc0593f710c4c7c6ab0a615a5a6c4951912f2deb9dced7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "edcacaa7-6812-4df3-b80f-0352739104ab"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:DQfExLJWF5KuROICHhcln:qEN0KuROICBUn",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b2003939-b999-4d89-807f-54ff635b444d"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d0f21b10-3917-464b-b045-608dcd9e5963",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_info",
|
||
|
"category": "Other",
|
||
|
"uuid": "7ab2f199-24d5-4480-a21f-9a63a982730c"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "108ce7f1-c4ca-4e05-bfc8-49d88c77c3ed"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "236608",
|
||
|
"category": "Other",
|
||
|
"uuid": "4c782292-d2f2-4b33-b129-758bfa9a9534"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9963573338824",
|
||
|
"category": "Other",
|
||
|
"uuid": "de33197c-2a1e-45f6-ba67-666a7f374a63"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "73096a3e48d9957075617179467b0dc7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "6821deb5-3c16-4dad-b41b-88ecbb05e2c0"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "13407a0748b77ce3cb609f06ce5c6690a2483746",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "aa8ae00c-19eb-47fd-82ae-7e2776890e1f"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "3b6b6a9fd933bd9483cebce095eb29784f4fccfe881654c3c7d05baa880077fa",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a219db54-c4dd-480f-b74a-fa3edb60718e"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "e4ff94c4a490fd531a9f337acbcc1341145b54cd54d07c752257a463c1df4ad0ff10c5f7dae8732b7bed984ffefaf84ef0822216d1cffa314cd6aae7c9899985",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "249db639-78c3-47c8-84d7-c56286039f1b"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "6144:E/FuZdCxRd1/tSumYcE4XpIhjHkiTvIrHhHLH15W2:EQZUtSu+EkpIhjHLTviHhHLV5W2",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "2ca15815-cbdb-4cf7-af74-ce3edc2281fc"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--7efdfc81-f628-47d5-a390-ec16011fb036",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:01.000Z",
|
||
|
"modified": "2022-09-12T14:43:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_loc",
|
||
|
"category": "Other",
|
||
|
"uuid": "1753b6a8-746c-4e4c-bb8b-d618c71625c6"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "21bab6e1-3a63-4542-8730-89bfc3b554a6"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "115403",
|
||
|
"category": "Other",
|
||
|
"uuid": "942655be-054f-4a3a-a85b-4205b503081f"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.9927665723987",
|
||
|
"category": "Other",
|
||
|
"uuid": "be25c5f5-9855-4e12-97e8-d0b20acd6b21"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "ee706e00996a088c0a6707275331e160",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "92746089-e3e6-437b-920d-b38cd8bea05c"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "a9be3738a61ccc56081c145c652277cbc884afee",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "50422e0f-af60-41f5-9229-c443d1ff3915"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "e3fcc90b3d4905a12815381f1295c1a8552f0414be0270b39d8f70c344c4ff51",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "dc99111e-0fa4-40fb-b4bf-e8712142202a"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "474bc2355db75e8fc7e96977ff80ef784a922806f1f86d151da412b221645f53bde8acf92f3228824774ae65f47ea07f11e8bececbc75ab4186ada2f6e9228a6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "68f66b1a-4699-456f-a902-1ed7f3ce1234"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "1536:PTywSjhnQX8DzHz7N6RcghJ4SUiQxP/ZNMl8kRCLS6Pli2uu5uCBUKQ8GnvxvI83:WThQwzT7Nrgh/4P/gbCLSg0jN1nvKTu5",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "e2644712-005a-42aa-a660-f36cf4538759"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--be6c85f9-0493-4474-a28d-0927723fe5b2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:02.000Z",
|
||
|
"modified": "2022-09-12T14:43:02.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".zdebug_ranges",
|
||
|
"category": "Other",
|
||
|
"uuid": "43731937-8c95-4039-ac4a-d5e5f0b843c1"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "PROGBITS",
|
||
|
"category": "Other",
|
||
|
"uuid": "b69d1888-985d-48a0-841d-2fe95fd9793d"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "43644",
|
||
|
"category": "Other",
|
||
|
"uuid": "aea7187f-17d9-4321-b25e-f01b905127fd"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "7.8017992190193",
|
||
|
"category": "Other",
|
||
|
"uuid": "a2de56e6-d36c-4c94-8e7b-caf43d6f9e89"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "6ab030fa6479d180ebcd3dbe82d95ee4",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "07d0333b-cfd5-4e4f-a9b8-7a08f550f7b7"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "019c172422bff38bda7196e46b6c400eee07d1a0",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "916c4f68-de5b-4118-9c4d-5a21eab0ceec"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "31b06eb1ffd2131515315185b6427ac7f864ff154681ff28b75d656c46500ec0",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b2e71bab-6a5b-4663-a5e6-96dd0694f0eb"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "5ec3f522b213e9562a4564d8d92123f895905ae2efd42d99d1b2910dd8dab5ec939e285dc213958861ba73cc18df5ab262cf9e955781786d137cd47463b88e42",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "91a2a50b-fa19-46b2-87c1-61b2da42bb78"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "768:ZpSFAxtrKfrIguobhJseVXX1KNUHO//n8kvrVSUif4Y3A77ryU9kAj:ZpcqwrBbhJXX1Szvp7iw4K72A5j",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "7eed6f79-e725-4828-9c2f-febc7b588946"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--85d9e171-534b-4471-b7a8-283384907889",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:02.000Z",
|
||
|
"modified": "2022-09-12T14:43:02.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".note.go.buildid",
|
||
|
"category": "Other",
|
||
|
"uuid": "94632538-5247-47d7-a1aa-a75b5297365d"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "NOTE",
|
||
|
"category": "Other",
|
||
|
"uuid": "bf50fa38-2b2b-4b15-ba3e-d480c833f45a"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "flag",
|
||
|
"value": "ALLOC",
|
||
|
"category": "Other",
|
||
|
"uuid": "fc76c8c7-9385-4c00-94f3-27cca9a9c9a4"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "100",
|
||
|
"category": "Other",
|
||
|
"uuid": "fbaf26ba-e224-452a-9815-80a1bf20dcf0"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.1282073152483",
|
||
|
"category": "Other",
|
||
|
"uuid": "5b8ad94c-2df5-4b45-a554-c92f69541772"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "181c6b48fcd850eede3ad175651a76a7",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "90595d1f-6685-48b4-b203-fd0564fe2d55"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "7992363620d9463c515b6a590ae07d64c7ae12ea",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "cde26785-b7fb-4737-8bf2-5612728d23f4"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "30673d2bf9bce9a60e9fd1a27550fb456289d4549e247f1b363145529c8afed5",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "e03f513b-35d5-4471-90a6-89f7d1994735"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "b3677b96a853a79d252495994c8e4c7f542ce53c0cdadc3655756bc465063f67379aa434848672c2624a4659f0252faade37c86f7046ddc3080d5bf5e84ee0b6",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "3814f68c-f48d-499a-8e93-21fdba8b13d8"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "3:il/J4K/4RCBiqITm6x2BIg7pDpM0cf37NaJ:il/2aKYifm6xF+O0cfrO",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "0c31e362-692f-4d45-86a3-a804766dbaa6"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--bea8b655-ac97-4fe0-b601-6a935509fd1c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:02.000Z",
|
||
|
"modified": "2022-09-12T14:43:02.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".symtab",
|
||
|
"category": "Other",
|
||
|
"uuid": "bb94e66d-9e14-4c1f-a9b6-dbf5460910d9"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "SYMTAB",
|
||
|
"category": "Other",
|
||
|
"uuid": "f124e33f-1133-451d-a06f-ceb7354bf56f"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "78168",
|
||
|
"category": "Other",
|
||
|
"uuid": "f6ae5efc-ecec-46bd-8054-1166c045033b"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "3.2231523468674",
|
||
|
"category": "Other",
|
||
|
"uuid": "c45045bc-328b-4da7-ac26-cbf1e63c932d"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "60c1ce7d31595d19f77a0e5e52da5713",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "e95614db-fe38-4c86-8cb1-88d56908437b"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "1cc3c3a6034693c3e22c5a28d75a7b9bc15fe7df",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "a29a3c6b-db63-47c6-b454-60af077f50e1"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "0e4dafd06bf1133de730b5a6a75beab38d5ff371eb0a12605d3871bd762131c1",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "b7f36243-7d6d-4384-b46e-885172ae5a3d"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "a9dbd9a5af5f4080ddc3e803336c33a71b95824d78134ee68b72a36b89ae8b41221ce0baa19bd1ce76d1b927713d83cdee315bbd15f9961bf32b51b8269e2a43",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "e38dbdca-2721-493c-9685-9a22ed1e069f"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "768:GtFYoBNz6+plB6VqAHq5iFA0Uqr59H3SI7t1kYCGK9MziMDtACXswm+esXCVCowC:KFNRxukAHg6z5h3n7t1g2zFG19AY3",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "900fe3f9-3c35-4c77-a61e-15f76afc3233"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--a75fbab5-5c56-4112-8d3d-da255941a91e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:02.000Z",
|
||
|
"modified": "2022-09-12T14:43:02.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf-section\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "name",
|
||
|
"value": ".strtab",
|
||
|
"category": "Other",
|
||
|
"uuid": "6198cc49-386c-49eb-badc-2efe7b7c49b4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "STRTAB",
|
||
|
"category": "Other",
|
||
|
"uuid": "469b8a6c-d214-4c9a-b266-317b3c06a130"
|
||
|
},
|
||
|
{
|
||
|
"type": "size-in-bytes",
|
||
|
"object_relation": "size-in-bytes",
|
||
|
"value": "75102",
|
||
|
"category": "Other",
|
||
|
"uuid": "452e80a2-8b71-4895-8975-4b66ffe1f613"
|
||
|
},
|
||
|
{
|
||
|
"type": "float",
|
||
|
"object_relation": "entropy",
|
||
|
"value": "5.0471679965993",
|
||
|
"category": "Other",
|
||
|
"uuid": "4f149bb7-0df5-4835-8e53-a79e18729329"
|
||
|
},
|
||
|
{
|
||
|
"type": "md5",
|
||
|
"object_relation": "md5",
|
||
|
"value": "3ed92bacf172cd5acf434635db0a6e99",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "2bfaefc8-3a1d-40ad-92b3-54fbba201339"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha1",
|
||
|
"object_relation": "sha1",
|
||
|
"value": "db2d53fab6b4a561658372813d12821062a7d60a",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "151f9586-b12b-438b-be16-3ec16d8e02b7"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha256",
|
||
|
"object_relation": "sha256",
|
||
|
"value": "d52767839a909176c8dcec123d7f4deef558f47353f219137f3afb4fdf311f5e",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "4a57efbe-398e-4c12-afb9-3e058cbc9775"
|
||
|
},
|
||
|
{
|
||
|
"type": "sha512",
|
||
|
"object_relation": "sha512",
|
||
|
"value": "19ad868d864cdfdd4def86c8385e088bd403587ed593b283898e89505ee382a106786b691d8be77bc913aa9edaa2043e6a050ca228b0c5987cd7faa9114bff79",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "efc7f5b5-7273-4ca7-a73b-06520d31117d"
|
||
|
},
|
||
|
{
|
||
|
"type": "ssdeep",
|
||
|
"object_relation": "ssdeep",
|
||
|
"value": "1536:VVCvOq72aHzZ5K1Ma3/bJx+O8Va2m4Xhw/w16cWHlPlToN:VVCT7TZ5qD+O8ValON",
|
||
|
"category": "Payload delivery",
|
||
|
"to_ids": true,
|
||
|
"uuid": "9dff21e0-1aed-4a81-ae9d-616edce79f6e"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf-section"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:03.000Z",
|
||
|
"modified": "2022-09-12T14:43:03.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"elf\"",
|
||
|
"misp:meta-category=\"file\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "type",
|
||
|
"value": "EXECUTABLE",
|
||
|
"category": "Other",
|
||
|
"uuid": "00f1e4f2-f9a7-46d9-87ee-935862571082"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "entrypoint-address",
|
||
|
"value": "4615936",
|
||
|
"category": "Other",
|
||
|
"uuid": "05680e71-5773-4edf-9837-89f2666cd9b4"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "arch",
|
||
|
"value": "x86_64",
|
||
|
"category": "Other",
|
||
|
"uuid": "d97d83bb-2ccc-4098-b1ff-6a2754998055"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "os_abi",
|
||
|
"value": "SYSTEMV",
|
||
|
"category": "Other",
|
||
|
"uuid": "7f5a6dd1-2399-42c1-8559-0dd1c0a60851"
|
||
|
},
|
||
|
{
|
||
|
"type": "counter",
|
||
|
"object_relation": "number-sections",
|
||
|
"value": "25",
|
||
|
"category": "Other",
|
||
|
"uuid": "c8a7549f-52ba-4076-89a9-94d1b4abf87f"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "file",
|
||
|
"x_misp_name": "elf"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c1e8e21e-f823-495d-a919-b3c00d071a7c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-12T14:43:03.000Z",
|
||
|
"modified": "2022-09-12T14:43:03.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '163df28890e025dd2f46609e9ed24e3d' AND file:hashes.SHA1 = '9f3f19639cd70c67293b6de157b076b130107dc2' AND file:hashes.SHA256 = 'eaa1baf4e2e0dec786be25a7283799a0db99ecd40fb807f5b7d8afaeba8d6522' AND file:hashes.SHA512 = '5773923178d6d3361c3f32573633cfc2619de31f4bc54f77214907ec075af7b4c4eca8e611f87c994101684f7e65c9228af7458af9c28da34dedfe39109d6c5f' AND file:hashes.SSDEEP = '24576:E2HqrhGNtI14h5uwRJjHdPup75ExO4/boMdAkpIhfTUMmeI5L:E2HqrhGw1gu0JT5up75mT/bEkahbU95L' AND file:name = 'kik' AND file:size = '2365110' AND (file:content_ref.payload_bin = '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
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-12T14:43:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--c3873df4-3829-492a-8003-e17851563f38",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-13T06:23:37.000Z",
|
||
|
"modified": "2022-09-13T06:23:37.000Z",
|
||
|
"description": "mining component control",
|
||
|
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.251.252.226') AND network-traffic:dst_port = '4545']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-13T06:23:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"ip-port\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--f5169a57-e7c1-45ae-aa1f-e7447ea823c4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-13T06:25:39.000Z",
|
||
|
"modified": "2022-09-13T06:25:39.000Z",
|
||
|
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '205.147.101.170') AND network-traffic:dst_port = '82']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2022-09-13T06:25:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "network"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"ip-port\"",
|
||
|
"misp:meta-category=\"network\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--49fdac04-cbb9-4602-b340-4352e70d22c7",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2022-09-29T09:27:24.000Z",
|
||
|
"modified": "2022-09-29T09:27:24.000Z",
|
||
|
"first_observed": "2022-09-29T09:27:24Z",
|
||
|
"last_observed": "2022-09-29T09:27:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"user-account--49fdac04-cbb9-4602-b340-4352e70d22c7"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"credential\"",
|
||
|
"misp:meta-category=\"misc\"",
|
||
|
"misp:to_ids=\"False\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "user-account",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "user-account--49fdac04-cbb9-4602-b340-4352e70d22c7",
|
||
|
"user_id": "42JKzDhbU76Wbf7JSDhomw6utwLr3N8tjZXLzLwvTcPuP5ZGZiJAHwnD7dNf2ZSAh52i9cUefq2nmLK3azKBffkBMX5b1LY",
|
||
|
"credential": "prx",
|
||
|
"x_misp_format": "clear-text",
|
||
|
"x_misp_notification": "none",
|
||
|
"x_misp_origin": "malware-analysis",
|
||
|
"x_misp_text": "gulf.moneroocean.stream:80",
|
||
|
"x_misp_type": "password"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f7ea468e-015c-4ff8-8401-e65a4dead3bf",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--f20444c8-e756-44a4-ac79-0799566b1356"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--2c7ba1e6-6069-483d-ab76-40461b3c9916",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--839fe75f-0418-49ab-8118-172e81700111"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--331c9e7e-b8a5-4d06-9922-b5429815798d",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--cc93a09e-7ab2-4efc-a538-63a2f9eb8548"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--1472f38a-bba1-4fc3-bf25-27b75152f413",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--c1084d7d-bb02-42df-82ba-a5bb6fc7b6d1"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c2ba1f77-63c8-4fa1-b830-de2e9315217b",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--23fb93e2-84c5-45eb-ac44-5ac52e3baa7b"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--b986553b-3156-4ed3-948f-387d53844ca4",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--aaa26480-e20b-4467-981f-e70fc613819b"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--fce5086c-9459-4c17-a487-ad32b29cc12c",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--69d75dd5-1b99-43d9-a8d4-d393e30aaa0b"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--846d732f-9884-4cb2-8ad6-69b2f10df5ab",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--1cf9ac2d-93cb-4e8f-941e-e69e89f8e248"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--a4fad920-5888-4e1d-a791-128b26f088fa",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--62b00107-a884-40f8-ae40-b61004666ca3"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--865a12f4-5ff7-4b9d-8a46-a607c1301e13",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--17f77158-0735-4093-8b9c-d738db162699"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f43793dd-5b3b-40fc-bf5a-f67bddcef1ff",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--77716830-69b3-4078-907d-a86ff72eada2"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c5fe3207-1686-492d-aa81-c46b7368016b",
|
||
|
"created": "2022-09-12T14:41:54.000Z",
|
||
|
"modified": "2022-09-12T14:41:54.000Z",
|
||
|
"relationship_type": "includes",
|
||
|
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
|
||
|
"target_ref": "x-misp-object--387ad845-011a-4be6-8fe4-869f04b7bd4c"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6db93fe0-c46c-4b87-a04d-6c16f7174f3d",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--82994316-c33d-4f20-b1cb-43ebcfccfacf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5acf0036-5c14-4030-85ff-cfee660f92ce",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--a3fd4ad8-adc2-409c-b333-db24c1d505b2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c46e9105-47d1-484b-8a66-dd5167c09393",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--a20f6096-5314-4218-83a0-38e46724cef6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--003c1beb-81b4-4488-aa29-bc4af83f9052",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--c2ab6b17-9938-4977-8d55-a2618dadb2e2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cece2afd-7f74-4026-be0b-93369ea1214c",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--5bd40820-14d2-4783-b4f9-cf9fd0483b9b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--88b6be2a-9f4a-4531-81f1-ff8b9f0d425e",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--dd6b54d8-8ec9-42d3-99d4-6db1e3f8e8f7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b0937ce3-60b1-4dab-a678-9b4547b7263f",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--fea3f084-e86e-47f3-9f7b-a7aba74ccb3b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9b6e2610-9fbf-433e-9b29-4086ef2c52f7",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--0a72bfd3-3a03-425c-9da6-e5bf14a73b87"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b2df9807-3f50-49b4-969e-a91497dac429",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--8d56336e-f1af-4d1f-be74-4699c6d39eac"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--818b4ec9-31a5-41f0-a1d3-e3a11c440501",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--98eaace2-d74a-43cf-a02a-a969867df3c1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8a4b1d1c-430a-4b78-a7c7-3be178b06216",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--08648093-7012-4d42-81d2-0902d0524679"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--52f0c31b-c3ef-40ce-b688-1eb74dbb091f",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--bec89af8-5394-47fa-9672-9d179eaaedc4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fd93c859-fc74-46b1-ac9d-01b1f0aa6268",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--e9e76732-f3d5-489e-8bd2-d07d354d049f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f3e742ca-1180-4296-8a43-4558df9ad18d",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--9e9dbee4-7953-4545-adf7-0004efc1961d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--81764822-5c83-40df-810c-352292c1eb88",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--5cefde66-49fe-405b-b656-de6024c7e6fb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86e73391-7a80-4e35-af58-b8f9bb29096a",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--30791caf-9875-4da1-ac7e-f51a97da1ed0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2d39e483-67fe-4db0-9fc9-f5d0093a1ca1",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--c6546b6f-4721-4c71-9fe1-22353750a63c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49762e4c-b130-4f02-93be-7bfd911f2c60",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--6c5b84ab-b2e3-472d-9317-547fb1574f75"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eae31763-5201-4920-8507-6d94302ba310",
"created": "2022-09-12T14:41:54.000Z",
"modified": "2022-09-12T14:41:54.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--ad44aa8d-152c-4d6d-9b30-4328764b620f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6fdb913f-bade-47f0-b242-6715ee9bba67",
"created": "2022-09-12T14:41:55.000Z",
"modified": "2022-09-12T14:41:55.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424",
"target_ref": "x-misp-object--182c0855-8a58-47ab-bce0-b3ddfd1ade8c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b9986189-e194-4c4a-b1eb-6f082eb8cf1e",
"created": "2022-09-12T14:41:55.000Z",
"modified": "2022-09-12T14:41:55.000Z",
"relationship_type": "includes",
"source_ref": "indicator--aef7ae69-d72e-4380-be6d-e90aab5dbd4c",
"target_ref": "x-misp-object--635ce2ad-e872-4956-8118-0fdb473c8424"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2c0dc013-8290-49d8-bb93-2598ad406e8f",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--8847fb72-8125-4aaa-abd0-4166578e03ac"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a8a7a879-3f56-4744-af7f-b778a9620341",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--78163fa7-83f0-47b3-a928-07c7c9ba6129"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--df531ea5-4157-4149-b2dc-a041b9aeb13f",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--35c65cc6-6518-4cde-a4b6-cec38544378e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a6ca9575-d1ce-487c-8965-bf24eaf211cf",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--31a3875d-3d00-470d-9eab-e935795182ae"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--32860004-42e7-491d-88cb-d1289b29874c",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--00e353d5-9326-4c8d-9a60-5c8238e4aca3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--41cc2908-eb6d-4219-b466-96d07ae1c365",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--d38ccd29-55c6-4b3b-bd60-2dbab2f8297f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d2491d24-3fbb-487c-8876-f8a4af3d7254",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--e7545497-50cc-4820-bf57-e33b3801fa54"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1e2602ad-ffcb-4eb1-92e3-0b47ffaf8b67",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--4895ca7f-421c-4989-a3f9-b5b742ec3d41"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c875ad86-452b-4f3d-8bf0-d478469a6a8c",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--ab8360ad-eba5-4e63-9bb4-e3c4a277065b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bb4775aa-adc5-4453-a793-c1668dce0cc4",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--f3c99379-9e7f-410f-a8bb-2c16f31ca224"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--272f2785-b789-47a9-904d-47ae06db3981",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--4d143e2d-2ae6-4075-929c-55b703a3dc8b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--89b26104-2f12-483d-859f-daa49be49083",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--fe14160c-ea48-40c3-863e-1c4642119e30"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7cfd8fd0-6bc5-4b93-a0d2-8a5ed090662a",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--643684a3-9c11-49b4-b15c-1cd11e5eee7d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0fc0b322-561c-4b2f-be07-5a0d699f27c6",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--8392d8e8-a37f-43d4-a253-1866673d3a98"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c4e086e0-c13d-444b-9953-0b88c35c443f",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--fc3db4a6-26cd-4f2a-a94b-12c4f3ac31e6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2169fd85-526d-417e-86be-0face10f065c",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--d60e3399-e0df-4a6c-b190-20a8cc37235a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a82f5786-784a-4bd1-83ce-b7ad8ed5a3b7",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--4e17149a-e3e6-4747-999c-d3271f4e9647"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--578e0d50-45f7-4889-b86f-d4371055eb52",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--77ab2c67-d278-498e-8072-8478dcf8ce7d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf7f1aa5-c634-4cb5-85e0-033260cfc605",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--4e112835-f8f5-4e54-980d-cea083e23eaf"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eaa442cd-9f70-4cae-b905-6047319801ed",
"created": "2022-09-12T14:43:02.000Z",
"modified": "2022-09-12T14:43:02.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--d0f21b10-3917-464b-b045-608dcd9e5963"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a796c539-259b-4cab-9fa6-6728d35f5701",
"created": "2022-09-12T14:43:03.000Z",
"modified": "2022-09-12T14:43:03.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--7efdfc81-f628-47d5-a390-ec16011fb036"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--846ffb48-e2a7-4efa-9ed7-209a67a95db9",
"created": "2022-09-12T14:43:03.000Z",
"modified": "2022-09-12T14:43:03.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--be6c85f9-0493-4474-a28d-0927723fe5b2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--23802a33-d8a5-42f8-85cc-8e2d5036917e",
"created": "2022-09-12T14:43:03.000Z",
"modified": "2022-09-12T14:43:03.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--85d9e171-534b-4471-b7a8-283384907889"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e4c71524-099a-4972-806b-a825de3cf03a",
"created": "2022-09-12T14:43:03.000Z",
"modified": "2022-09-12T14:43:03.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--bea8b655-ac97-4fe0-b601-6a935509fd1c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--392944ca-0234-4604-b53a-aab533332226",
"created": "2022-09-12T14:43:03.000Z",
"modified": "2022-09-12T14:43:03.000Z",
"relationship_type": "includes",
"source_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c",
"target_ref": "x-misp-object--a75fbab5-5c56-4112-8d3d-da255941a91e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dd02263f-4910-4e0d-b95d-85f17daa8a41",
"created": "2022-09-12T14:43:03.000Z",
"modified": "2022-09-12T14:43:03.000Z",
"relationship_type": "includes",
"source_ref": "indicator--c1e8e21e-f823-495d-a919-b3c00d071a7c",
"target_ref": "x-misp-object--30fc9ba1-5c67-4f0e-bc2e-190385bbf94c"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}