misp-circl-feed/feeds/circl/stix-2.1/b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046.json

{
    "type": "bundle",
    "id": "bundle--b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-10-04T10:50:05.000Z",
            "modified": "2022-10-04T10:50:05.000Z",
            "name": "Centre for Cyber security Belgium",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-10-04T10:50:05.000Z",
            "modified": "2022-10-04T10:50:05.000Z",
            "name": "HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine",
            "published": "2022-10-04T10:50:06Z",
            "object_refs": [
                "indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979",
                "indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433",
                "indicator--e499240c-bfd1-4e5b-a70b-244c11d69053",
                "observed-data--194c007c-eb84-4987-ae29-4dca3b02db47",
                "url--194c007c-eb84-4987-ae29-4dca3b02db47",
                "observed-data--8c55aae8-9ee3-4488-93e8-ee3998518fce",
                "windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce",
                "indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5",
                "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114",
                "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023",
                "x-misp-object--d9a1332e-3511-4417-97c8-f30621513106",
                "indicator--df7db285-8f67-49a0-a570-360c55604d2c",
                "indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24",
                "indicator--c908378a-8f2a-49e1-b592-306424bd139b",
                "relationship--089560a9-55e5-4077-8340-6e4e2fa8e1cd"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "misp-galaxy:target-information=\"Ukraine\"",
                "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",
                "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"",
                "misp-galaxy:mitre-attack-pattern=\"Signed Binary Proxy Execution - T1218\"",
                "misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"",
                "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"",
                "admiralty-scale:source-reliability=\"a\"",
                "admiralty-scale:information-credibility=\"1\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:01:11.000Z",
            "modified": "2022-02-24T07:01:11.000Z",
            "pattern": "[file:hashes.MD5 = '231b3385ac17e41c5bb1b1fcb59599c4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T07:01:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:01:11.000Z",
            "modified": "2022-02-24T07:01:11.000Z",
            "pattern": "[file:hashes.MD5 = '095a1678021b034903c85dd5acb447ad']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T07:01:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e499240c-bfd1-4e5b-a70b-244c11d69053",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:01:11.000Z",
            "modified": "2022-02-24T07:01:11.000Z",
            "pattern": "[file:hashes.MD5 = 'eb845b7a16ed82bd248e395d9852f467']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T07:01:11Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--194c007c-eb84-4987-ae29-4dca3b02db47",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:33:42.000Z",
            "modified": "2022-02-24T07:33:42.000Z",
            "first_observed": "2022-02-24T07:33:42Z",
            "last_observed": "2022-02-24T07:33:42Z",
            "number_observed": 1,
            "object_refs": [
                "url--194c007c-eb84-4987-ae29-4dca3b02db47"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--194c007c-eb84-4987-ae29-4dca3b02db47",
            "value": "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--8c55aae8-9ee3-4488-93e8-ee3998518fce",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:35:23.000Z",
            "modified": "2022-02-24T07:35:23.000Z",
            "first_observed": "2022-02-24T07:35:23Z",
            "last_observed": "2022-02-24T07:35:23Z",
            "number_observed": 1,
            "object_refs": [
                "windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce"
            ],
            "labels": [
                "misp:type=\"regkey|value\"",
                "misp:category=\"Artifacts dropped\""
            ]
        },
        {
            "type": "windows-registry-key",
            "spec_version": "2.1",
            "id": "windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce",
            "key": "SYSTEM\\CurrentControlSet\\Control\\CrashControl CrashDumpEnabled",
            "values": [
                {
                    "data": "0"
                }
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:40:59.000Z",
            "modified": "2022-02-24T07:40:59.000Z",
            "pattern": "[file:name = 'empntdrv.sys']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T07:40:59Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:19:05.000Z",
            "modified": "2022-02-24T07:19:05.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da/detection/f-0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da-1645685791",
                    "category": "External analysis",
                    "uuid": "df316954-b61d-436a-8804-d2f38a368eeb"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "8/71",
                    "category": "Other",
                    "uuid": "8becd4d8-0f4c-429a-a3d4-9e33ac8f55c5"
                }
            ],
            "x_misp_comment": "912342f1c840a42f6b74132f8a7c4ffe7d40fb77: Enriched via the virustotal module",
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:21:35.000Z",
            "modified": "2022-02-24T07:21:35.000Z",
            "description": "912342f1c840a42f6b74132f8a7c4ffe7d40fb77: Enriched via the virustotal module",
            "pattern": "[file:hashes.MD5 = '84ba0197920fd3e2b7dfa719fee09d2f' AND file:hashes.SHA1 = '912342f1c840a42f6b74132f8a7c4ffe7d40fb77' AND file:hashes.SHA256 = '0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T06:35:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--d9a1332e-3511-4417-97c8-f30621513106",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:25:48.000Z",
            "modified": "2022-02-24T07:25:48.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591/detection/f-1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591-1645686225",
                    "category": "External analysis",
                    "uuid": "bafabadb-48ca-48a7-b192-ed30a1ffc57c"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "28/71",
                    "category": "Other",
                    "uuid": "fecf0286-1c32-478d-93e3-507253b34c26"
                }
            ],
            "x_misp_comment": "61b25d11392172e587d8da3045812a66c3385451: Enriched via the virustotal module",
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--df7db285-8f67-49a0-a570-360c55604d2c",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:25:57.000Z",
            "modified": "2022-02-24T07:25:57.000Z",
            "description": "61b25d11392172e587d8da3045812a66c3385451: Enriched via the virustotal module",
            "pattern": "[file:hashes.MD5 = '3f4a16b29f2f0532b7ce3e7656799125' AND file:hashes.SHA1 = '61b25d11392172e587d8da3045812a66c3385451' AND file:hashes.SHA256 = '1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T07:25:57Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:25:12.000Z",
            "modified": "2022-02-24T07:25:12.000Z",
            "pattern": "[file:hashes.MD5 = 'a952e288a1ead66490b3275a807f52e5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2022-02-24T07:25:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--c908378a-8f2a-49e1-b592-306424bd139b",
            "created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",
            "created": "2022-02-24T07:43:19.000Z",
            "modified": "2022-02-24T07:43:19.000Z",
            "name": "MAL_HERMETIC_WIPER",
            "description": "HermeticWiper - broad hunting rule",
            "pattern": "rule MAL_HERMETIC_WIPER {\r\n    meta:\r\n      desc = \\\\\"HermeticWiper - broad hunting rule\\\\\"\r\n      author = \\\\\"Friends @ SentinelLabs\\\\\"\r\n      version = \\\\\"1.0\\\\\"\r\n      last_modified = \\\\\"02.23.2022\\\\\"\r\n      hash = \\\\\"1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591\\\\\"\r\n    strings:\r\n        $string1 = \\\\\"DRV_XP_X64\\\\\" wide ascii nocase\r\n        $string2 = \\\\\"EPMNTDRV\\\\\\\\%u\\\\\" wide ascii nocase\r\n        $string3 = \\\\\"PhysicalDrive%u\\\\\" wide ascii nocase\r\n        $cert1 = \\\\\"Hermetica Digital Ltd\\\\\" wide ascii nocase\r\n    condition:\r\n      uint16(0) == 0x5A4D and\r\n      all of them\r\n}",
            "pattern_type": "yara",
            "valid_from": "2022-02-24T07:43:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "misc"
                }
            ],
            "labels": [
                "misp:name=\"yara\"",
                "misp:meta-category=\"misc\"",
                "misp:to_ids=\"True\""
            ],
            "x_misp_context": "disk"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--089560a9-55e5-4077-8340-6e4e2fa8e1cd",
            "created": "2022-10-04T10:50:05.000Z",
            "modified": "2022-10-04T10:50:05.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023",
            "target_ref": "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-10-04T10:50:05.000Z",`
			`"modified": "2022-10-04T10:50:05.000Z",`
			`"name": "Centre for Cyber security Belgium",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--b9b6dcfa-0b11-40dc-9bf4-9a36a2c1a046",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-10-04T10:50:05.000Z",`
			`"modified": "2022-10-04T10:50:05.000Z",`
			`"name": "HermeticWiper \| New Destructive Malware Used In Cyber Attacks on Ukraine",`
			`"published": "2022-10-04T10:50:06Z",`
			`"object_refs": [`
			`"indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979",`
			`"indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433",`
			`"indicator--e499240c-bfd1-4e5b-a70b-244c11d69053",`
			`"observed-data--194c007c-eb84-4987-ae29-4dca3b02db47",`
			`"url--194c007c-eb84-4987-ae29-4dca3b02db47",`
			`"observed-data--8c55aae8-9ee3-4488-93e8-ee3998518fce",`
			`"windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce",`
			`"indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5",`
			`"x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114",`
			`"indicator--f6a02b6b-91df-4a01-9115-798e59bc7023",`
			`"x-misp-object--d9a1332e-3511-4417-97c8-f30621513106",`
			`"indicator--df7db285-8f67-49a0-a570-360c55604d2c",`
			`"indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24",`
			`"indicator--c908378a-8f2a-49e1-b592-306424bd139b",`
			`"relationship--089560a9-55e5-4077-8340-6e4e2fa8e1cd"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"misp-galaxy:target-information=\"Ukraine\"",`
			`"misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",`
			`"misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"",`
			`"misp-galaxy:mitre-attack-pattern=\"Signed Binary Proxy Execution - T1218\"",`
			`"misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"",`
			`"misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"",`
			`"admiralty-scale:source-reliability=\"a\"",`
			`"admiralty-scale:information-credibility=\"1\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--de0bd41d-ffac-4e5a-8ffd-63c0ba4c6979",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:01:11.000Z",`
			`"modified": "2022-02-24T07:01:11.000Z",`
			`"pattern": "[file:hashes.MD5 = '231b3385ac17e41c5bb1b1fcb59599c4']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T07:01:11Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--dc288e70-bf4b-46cc-84aa-515e39f3b433",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:01:11.000Z",`
			`"modified": "2022-02-24T07:01:11.000Z",`
			`"pattern": "[file:hashes.MD5 = '095a1678021b034903c85dd5acb447ad']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T07:01:11Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--e499240c-bfd1-4e5b-a70b-244c11d69053",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:01:11.000Z",`
			`"modified": "2022-02-24T07:01:11.000Z",`
			`"pattern": "[file:hashes.MD5 = 'eb845b7a16ed82bd248e395d9852f467']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T07:01:11Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"md5\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--194c007c-eb84-4987-ae29-4dca3b02db47",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:33:42.000Z",`
			`"modified": "2022-02-24T07:33:42.000Z",`
			`"first_observed": "2022-02-24T07:33:42Z",`
			`"last_observed": "2022-02-24T07:33:42Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--194c007c-eb84-4987-ae29-4dca3b02db47"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--194c007c-eb84-4987-ae29-4dca3b02db47",`
			`"value": "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/"`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--8c55aae8-9ee3-4488-93e8-ee3998518fce",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:35:23.000Z",`
			`"modified": "2022-02-24T07:35:23.000Z",`
			`"first_observed": "2022-02-24T07:35:23Z",`
			`"last_observed": "2022-02-24T07:35:23Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce"`
			`],`
			`"labels": [`
			`"misp:type=\"regkey\|value\"",`
			`"misp:category=\"Artifacts dropped\""`
			`]`
			`},`
			`{`
			`"type": "windows-registry-key",`
			`"spec_version": "2.1",`
			`"id": "windows-registry-key--8c55aae8-9ee3-4488-93e8-ee3998518fce",`
			`"key": "SYSTEM\\CurrentControlSet\\Control\\CrashControl CrashDumpEnabled",`
			`"values": [`
			`{`
			`"data": "0"`
			`}`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--85ca7a94-fcfb-4097-affc-0b102ae4dff5",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:40:59.000Z",`
			`"modified": "2022-02-24T07:40:59.000Z",`
			`"pattern": "[file:name = 'empntdrv.sys']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T07:40:59Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Payload delivery"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"filename\"",`
			`"misp:category=\"Payload delivery\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "x-misp-object",`
			`"spec_version": "2.1",`
			`"id": "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:19:05.000Z",`
			`"modified": "2022-02-24T07:19:05.000Z",`
			`"labels": [`
			`"misp:name=\"virustotal-report\"",`
			`"misp:meta-category=\"misc\""`
			`],`
			`"x_misp_attributes": [`
			`{`
			`"type": "link",`
			`"object_relation": "permalink",`
			`"value": "https://www.virustotal.com/gui/file/0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da/detection/f-0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da-1645685791",`
			`"category": "External analysis",`
			`"uuid": "df316954-b61d-436a-8804-d2f38a368eeb"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "detection-ratio",`
			`"value": "8/71",`
			`"category": "Other",`
			`"uuid": "8becd4d8-0f4c-429a-a3d4-9e33ac8f55c5"`
			`}`
			`],`
			`"x_misp_comment": "912342f1c840a42f6b74132f8a7c4ffe7d40fb77: Enriched via the virustotal module",`
			`"x_misp_meta_category": "misc",`
			`"x_misp_name": "virustotal-report"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:21:35.000Z",`
			`"modified": "2022-02-24T07:21:35.000Z",`
			`"description": "912342f1c840a42f6b74132f8a7c4ffe7d40fb77: Enriched via the virustotal module",`
			`"pattern": "[file:hashes.MD5 = '84ba0197920fd3e2b7dfa719fee09d2f' AND file:hashes.SHA1 = '912342f1c840a42f6b74132f8a7c4ffe7d40fb77' AND file:hashes.SHA256 = '0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T06:35:51Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "file"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"file\"",`
			`"misp:meta-category=\"file\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "x-misp-object",`
			`"spec_version": "2.1",`
			`"id": "x-misp-object--d9a1332e-3511-4417-97c8-f30621513106",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:25:48.000Z",`
			`"modified": "2022-02-24T07:25:48.000Z",`
			`"labels": [`
			`"misp:name=\"virustotal-report\"",`
			`"misp:meta-category=\"misc\""`
			`],`
			`"x_misp_attributes": [`
			`{`
			`"type": "link",`
			`"object_relation": "permalink",`
			`"value": "https://www.virustotal.com/gui/file/1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591/detection/f-1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591-1645686225",`
			`"category": "External analysis",`
			`"uuid": "bafabadb-48ca-48a7-b192-ed30a1ffc57c"`
			`},`
			`{`
			`"type": "text",`
			`"object_relation": "detection-ratio",`
			`"value": "28/71",`
			`"category": "Other",`
			`"uuid": "fecf0286-1c32-478d-93e3-507253b34c26"`
			`}`
			`],`
			`"x_misp_comment": "61b25d11392172e587d8da3045812a66c3385451: Enriched via the virustotal module",`
			`"x_misp_meta_category": "misc",`
			`"x_misp_name": "virustotal-report"`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--df7db285-8f67-49a0-a570-360c55604d2c",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:25:57.000Z",`
			`"modified": "2022-02-24T07:25:57.000Z",`
			`"description": "61b25d11392172e587d8da3045812a66c3385451: Enriched via the virustotal module",`
			`"pattern": "[file:hashes.MD5 = '3f4a16b29f2f0532b7ce3e7656799125' AND file:hashes.SHA1 = '61b25d11392172e587d8da3045812a66c3385451' AND file:hashes.SHA256 = '1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T07:25:57Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "file"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"file\"",`
			`"misp:meta-category=\"file\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--6e410e9b-426b-49ce-a8b9-4efdf1656f24",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:25:12.000Z",`
			`"modified": "2022-02-24T07:25:12.000Z",`
			`"pattern": "[file:hashes.MD5 = 'a952e288a1ead66490b3275a807f52e5']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2022-02-24T07:25:12Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "file"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"file\"",`
			`"misp:meta-category=\"file\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--c908378a-8f2a-49e1-b592-306424bd139b",`
			`"created_by_ref": "identity--5cf66e53-b5f8-43e7-be9a-49880a3b4631",`
			`"created": "2022-02-24T07:43:19.000Z",`
			`"modified": "2022-02-24T07:43:19.000Z",`
			`"name": "MAL_HERMETIC_WIPER",`
			`"description": "HermeticWiper - broad hunting rule",`
			"pattern": "rule MAL_HERMETIC_WIPER {\r\n meta:\r\n desc = \\\\\"HermeticWiper - broad hunting rule\\\\\"\r\n author = \\\\\"Friends @ SentinelLabs\\\\\"\r\n version = \\\\\"1.0\\\\\"\r\n last_modified = \\\\\"02.23.2022\\\\\"\r\n hash = \\\\\"1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591\\\\\"\r\n strings:\r\n $string1 = \\\\\"DRV_XP_X64\\\\\" wide ascii nocase\r\n $string2 = \\\\\"EPMNTDRV\\\\\\\\%u\\\\\" wide ascii nocase\r\n $string3 = \\\\\"PhysicalDrive%u\\\\\" wide ascii nocase\r\n $cert1 = \\\\\"Hermetica Digital Ltd\\\\\" wide ascii nocase\r\n condition:\r\n uint16(0) == 0x5A4D and\r\n all of them\r\n}",
			`"pattern_type": "yara",`
			`"valid_from": "2022-02-24T07:43:19Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "misc"`
			`}`
			`],`
			`"labels": [`
			`"misp:name=\"yara\"",`
			`"misp:meta-category=\"misc\"",`
			`"misp:to_ids=\"True\""`
			`],`
			`"x_misp_context": "disk"`
			`},`
			`{`
			`"type": "relationship",`
			`"spec_version": "2.1",`
			`"id": "relationship--089560a9-55e5-4077-8340-6e4e2fa8e1cd",`
			`"created": "2022-10-04T10:50:05.000Z",`
			`"modified": "2022-10-04T10:50:05.000Z",`
			`"relationship_type": "analysed-with",`
			`"source_ref": "indicator--f6a02b6b-91df-4a01-9115-798e59bc7023",`
			`"target_ref": "x-misp-object--d611f80f-3015-4e5a-ba28-a4219aae2114"`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
			`]`
			`}`