{
"type" : "bundle" ,
"id" : "bundle--5cffb200-f430-44b2-83a2-c922950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:38:31.000Z" ,
"modified" : "2019-06-11T14:38:31.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5cffb200-f430-44b2-83a2-c922950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:38:31.000Z" ,
"modified" : "2019-06-11T14:38:31.000Z" ,
"name" : "Dharma Ransomware sample" ,
"published" : "2019-06-11T14:41:51Z" ,
"object_refs" : [
"observed-data--5cffb284-faf4-4802-b6b8-7f1e950d210f" ,
"url--5cffb284-faf4-4802-b6b8-7f1e950d210f" ,
"indicator--5cffb3b8-af68-4c12-a266-7303950d210f" ,
"indicator--5cffb43d-af50-4598-b611-72f8950d210f" ,
"indicator--5cffb4d4-65a4-461f-9138-c804950d210f" ,
"indicator--5cffb4d4-20b8-43f0-b3e4-c804950d210f" ,
"indicator--5cffb4d4-9518-4a8e-babf-c804950d210f" ,
"observed-data--5cffb52a-0430-44a6-85ec-c7e9950d210f" ,
"url--5cffb52a-0430-44a6-85ec-c7e9950d210f" ,
"indicator--5cffb25a-bbdc-467c-9fae-c805950d210f" ,
"indicator--41f3bbc0-3498-4e46-b709-ecf8ab06b7f7" ,
"x-misp-object--1e50392c-b19d-4eed-b377-f9d969518f18" ,
"observed-data--961d6906-3cf1-4681-baa0-1083e3236558" ,
"file--caf83adf-0962-5dcc-9e3f-8fef8fdab3a7" ,
"x-misp-object--7996b4b6-4218-487c-b44f-b692014499a5" ,
"x-misp-object--6553476c-da2b-4912-b792-1c1a66a974ac" ,
"x-misp-object--c39231fe-0086-4273-99d8-af059f62726b" ,
"relationship--25838701-d42c-420e-a4c4-550ba3063b90"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\"" ,
"misp-galaxy:ransomware=\"Dharma Ransomware\"" ,
"misp-galaxy:ransomware=\"Virus-Encoder\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5cffb284-faf4-4802-b6b8-7f1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T13:54:12.000Z" ,
"modified" : "2019-06-11T13:54:12.000Z" ,
"first_observed" : "2019-06-11T13:54:12Z" ,
"last_observed" : "2019-06-11T13:54:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5cffb284-faf4-4802-b6b8-7f1e950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5cffb284-faf4-4802-b6b8-7f1e950d210f" ,
"value" : "https://www.virustotal.com/gui/file/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54/detection"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cffb3b8-af68-4c12-a266-7303950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T13:59:20.000Z" ,
"modified" : "2019-06-11T13:59:20.000Z" ,
"pattern" : "[mutex:name = 'Global\\\\syncronize_K8DWMVA']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T13:59:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cffb43d-af50-4598-b611-72f8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:01:33.000Z" ,
"modified" : "2019-06-11T14:01:33.000Z" ,
"pattern" : "[mutex:name = 'Global\\\\syncronize_K8DWMVU']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T14:01:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cffb4d4-65a4-461f-9138-c804950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:04:04.000Z" ,
"modified" : "2019-06-11T14:04:04.000Z" ,
"pattern" : "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\996E.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T14:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cffb4d4-20b8-43f0-b3e4-c804950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:04:04.000Z" ,
"modified" : "2019-06-11T14:04:04.000Z" ,
"pattern" : "[file:name = '\\\\%USERPROFILE\\\\%\\\\\u00e3\u20ac\u0152\u00e5\u00bc\u20ac\u00e5\u00a7\u2039\u00e3\u20ac\u008d\u00e8\u008f\u0153\u00e5\u008d\u2022\\\\\u00e7\u00a8\u2039\u00e5\u00ba\u008f\\\\\u00e5\u0090\u00af\u00e5\u0160\u00a8\\\\996E.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T14:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cffb4d4-9518-4a8e-babf-c804950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:04:04.000Z" ,
"modified" : "2019-06-11T14:04:04.000Z" ,
"pattern" : "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\\u00e3\u20ac\u0152\u00e5\u00bc\u20ac\u00e5\u00a7\u2039\u00e3\u20ac\u008d\u00e8\u008f\u0153\u00e5\u008d\u2022\\\\\u00e7\u00a8\u2039\u00e5\u00ba\u008f\\\\\u00e5\u0090\u00af\u00e5\u0160\u00a8\\\\996E.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T14:04:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5cffb52a-0430-44a6-85ec-c7e9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:05:30.000Z" ,
"modified" : "2019-06-11T14:05:30.000Z" ,
"first_observed" : "2019-06-11T14:05:30Z" ,
"last_observed" : "2019-06-11T14:05:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5cffb52a-0430-44a6-85ec-c7e9950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5cffb52a-0430-44a6-85ec-c7e9950d210f" ,
"value" : "https://www.hybrid-analysis.com/sample/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5cffb25a-bbdc-467c-9fae-c805950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T13:53:30.000Z" ,
"modified" : "2019-06-11T13:53:30.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' c d e 75 b 4 c 59682 b 1088 a c 0 9 a f f a 8 a 9 d 32 ' A N D f i l e : h a s h e s . S H A 1 = ' f f c b a 94 f 675e61 f 0 b 84e41163431 f e 62e8 e b a 93 b ' A N D f i l e : h a s h e s . S H A 256 = ' b b 966 a 50449436 a f 561 d f 9 f b 818217 f f 2 c 72 e f 3 e e a 5 b 2 f 52646e3 b e f e 7 d 20 b 54 ' A N D f i l e : n a m e = ' b b 966 a 50449436 a f 561 d f 9 f b 818217 f f 2 c 72 e f 3 e e a 5 b 2 f 52646e3 b e f e 7 d 20 b 54 . b i n ' A N D f i l e : s i z e = ' 94720 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A K 9 u y 0 7 x j 8 A U v x I B A A B y A Q A g A B w A Y 2 R l N z V i N G M 1 O T Y 4 M m I x M D g 4 Y W M w O W F m Z m E 4 Y T l k M z J V V A k A A 1 q y / 1 x a s v 9 c d X g L A A E E I Q A A A A Q h A A A A u I U u 446 z o M D d 50 y Y Z 0 i m f f C e T r f i 97 O Y a e O h k x N U k J m X m A A Q e + V 0 X T + t h z 55 h p N K 59 N s v 1 x M j l 9 X R z / O + q t A v F H B L z H o k k k X l g 5 A m a K 8 s W y w Y b / s E u G n 0 j Z E Q 1 c 7 C G S u R e H y e O Q j o c e x m b I x T F Z x 8 f L / n J 6 M Z e 9 B Y 7 y s C F e J O P q h P s o L I L M J c w b K r j d + a k h 8 C R 3 j 9 j d 59 d V b H V K h f G 1 x b m e u X P G M 3 Q 5 D W B w P X G A 7 B q 1 E Z T R s Y Q G E Y b m C K I X K 27 k 9 A p R w l 5 H T h X A f h U 5 w U m O b + r 5 g m M n q b B l D g H m q K w e v i w m n j 6 H w 22 G l m 7 r F 1 u w u r B 4 m O J K 745 y 5 W t L W Y i m y 6 O x E Z h a a 7 Q E / d 6 R q J / 7 j n L g X y G k 3 Y y m P 96 v y 5 + j 3 x N o S o Q n R w M J 4 a W H U N 9 m 3 Q Z v / K Y u D z f y 75 g 5 A r U K j C 0 n v Q 7 I w R F 5 R / 4 r n X a / 3 e A j q X l f N r E J 5 V z m x t 3 N K L h G B q F 8 e P 6 Z o K 6 g b G a X p G j m M y I + x p N j x 9 h k C T C i P N Q N 7 F D h k z R s p Z u u H h s E o G E W Y 8 u V 40 m Q w D M S z h L x K d W o r C v 3 q x H E Y O q O 8 G Y P 3 b x b B o l r X K O l J L D K 2 m x w K X d e O f s h W 
I c H h r L X l M D a 91 L v D d I p N N 7 r I n g M D P 5 W c Z Q y 3 k f q o h k H f N j B C n U 4 l / c z 26 N 7e60 u C J K + 1 H R C 3 y g 3 s U H L V a e Z v c 4 H L I g p S 5 B T c Q T h 394 q d f I G F A m x B E Q T g 0 + 6 S z k P 9 e I J / P k M E k s s o r e x 4 r j / K a b z m d 35 L M p 9 m j e 6 F P D 7 V B 3 n a s f 4 l j q + R U s m + g 3 j i 4 i 91 v F f x N n P 302 d T k 8 t 0 d Y 7 H r 7 f G 1 i Y j S M / y y 5 b e 2 j S 4 j 0 W r y Y R 3 C Y G B U y g b T j 8 / b x j k O C J r J w 83 t t 2 x z s o w y G U m t Z q 91 L m r v l s S y q I b b 5 Y n 3 w e T j 9 X o b N / B P Y Y G Q 6 p t U V m a y E G 0 Z w F S Y z n J f h A m i u W x T z s t Z 9 Y A R 1 p Q P a J T r 1 B G A B r a j f L 0 r 6 h B P z 2 e d 2 / p Q 0 1 z 9 R N G 2 C N 6 q / Y x p v h p m a 9 u D r + 5 B R N E V C m U w d i 9 N f 9 X D x f S 8 V u j + n Z / m e Y C 1 e P b c 5 X 78 v / 26 A a a v 5 P S A t Q L C d j 0 W b r h M + H L 9 Y U 0 h w r A I t m 9 s M G R c Q 9 H O r A E W 6 M f Z B f L P d a v B + N 8 O 77 i 4 + y X J 1E6 o V d j E N Q u F g j v b X e S F T x y b p J 6 t H A S K P + J 3 F 4 w S Z U w T a G m f b j B + O u K B r 7 t Q T o r I F e m 25 e r F k 4 I t 80 M M 3e2 a e A F 0 x J T k G p b N X / 5 o 0 L k v 4 s a 7 N R o N h 9 w I L N W j 1 Y b y 6 J H d T 7 h 8 p 8 R 4 j x / Q l K D d X c M g 8 y q Z R c z x x Z B T 1 E y s + d P c Q M I u N D J C s L 1 e p o Z R y w 2 B W L 6 J I o M + l j N h T P T 27 a P p r Z x f 3 n d 7 F N g p O U b w l s C C s G T m e H L H 6 K Q Z 0 0 V Y c 5 b 8 t Y r S w Z V i n + l g C j r Q / P q P 9 j T r G y a O L r f R g m G 8 q O K Z K m m + + A J t N P 9 t 1 O e m u N X J n t / W 4 V 5 j G C O 0 Y N W l 6 G d 1 y p s b v B v h Y h w Y I C I L n 3 y t + e p f R P t q G 9 t i U N j A z 5 c M a 3 v j n g q M 6 B x F W R F T U N i w Q y L T q w A C x a r Q J L M I v J 70 M h k J z t D Y Y i S L P e + a o o D w W U P 52 d S W W g S M v j B x E E H J n b p U S I v + r n q J N f 4 G N r J C s Q M S R W n 6 Y u l Y v L 5 S n V D h f A M 
0 X f r X m j P P K 4 S C 8 Q 6 z K 9 B J D 8 p E K n k c 3 q W Q F C i 5 s O q i e 9 a a 3 l j 1e9 D w u v q w 2 R b m L C K Z w 0 V H a 9 g t s U U d p j O d x N D t Y 0 V 1 + N 32 l x f 45 J x / N h I J i S V A P 4 Y Q u t L u G e K E H 1 k F f 8 b e Y C K m B r I c e L E o k 9 S n b u 5 H j a v 0 Z 9 I 0 S 1 K v 44 m 2 + 8 R h v E C B a a Z 9 + i a / k S z T C S w d Z f P 49 j D q c K a K f m W O h f / K / o t i C N k O m Y R p 4445 j J 6 R s s v U j Z t s l i 6 B 0 K Q O Q q 0 o 5 M Q a Y M f i h 1 C W i x Q L m s C + L Z A i O F A M + U U J t J E 0 L j c Y r r E 8 W p x M C r R L X y w u h h v R f E M u T E d w t U k g J c c s 2 w U x f z Z q h n K y a d D F F c 1 L N 6 A 89 O g E Q C 69 s e W a U N E m l T 42 j y 0 o M P J x G Z D 9 e a O m q s + l C u e f h Z 3 x 66 K f 9 G v O J o B s R P e K A M Q N a X z x + J P G A W + M m F o e A h m f Y Q K Q 5 M r x A W 6 F X Q t r H A p 4 x L W l A O D b n 1 a O f p L A M c z O 5 n N o h 6 O p F T H Y h o 5 U 5 H T c a Y c 1 U i p c a m N n N L i N X 4 S G a t B 0 G I 0 Y Q 5 f h P 2 W / u n n X 3 H a c / A F S T N E a o y j x R u W p h U I Y g O q n k h 8 K 3 D h D o v x a P v w 964 E b R / a g s o 5 m A 16 U r O d H b k W z E P M 7 h Z D 1 p + 48 L s E a T W O M O o y I / e t e 9 c Y B T O c h Q e 4 Z n p C 3 O 59 Q T y n l K Z o A H i 0 f m q O C 329 / O + i n W E R D T s j j S 38 R N Z D E 38 t y h T 2 y N q k t C f Q k S D v R m 3 Y Q v b n o q G K f l l 63 O U s h E h 4 Y F 4 g R W t K D C A F R s o h 5 L L b j q k a a O i F 7 j 3 + / q K n o L k E s h + n D 1 Q 1 Q Y b W U w b C + K / Q z / V / 737 E z x 50 A e Y f D c 3 n I q R Z H J 9 A U x Z J 4 A n g q M D S B 3 H 2 x F S B 4 z F 85 o U R 70 M f P Y m A z C v b Z 5 B 1 z 8 K i Z l / o y T A c z 3 R v N Z O T N P X Y 5 f G X H 4 U c D 9 r H 26 l x t b p V q 7 k c a G 1 F N E h B + / 2 l D S B 0 89 T e 67 P 0 m t 9 A d 1 n I L m q e t u 7 t y C 9 Q R R Y C p + r f q K 8 C V B d O k Z X T e 1 f Y z F S w O y h 19 g X V 4 m p X j b 1 z u g 3 c 0 O h G A J d i 
Y 2 D 8 d Y J a t / 0 s l K X W 1 / o E 1 z A / 9 y 2 J k G Q u + R x W 35 J r I 2 t S b k m s 9 / 7 d a x i U T m z 5 C 93 s m s r 0 4 a c p y R k 8 + / M i h V c T / i 7 g w g + Z t W K K / D H F m p t 5 m g u 9 P Y Y V X r 41 Y D L k z L l a N E O V F v V H O 3 z a 9 N s P y w 1 H b j O S 9 L r t Z i Q F l c H U t u j / 2 O t q X m 1 j 4 J I 1 X m 1 F d 5 D p y i P u Q w C s G K a H 8 K v m 27 F A s C q h r F k 5 L K P 38 V n n g c d J O V C 49 N R D 4 l u w T D J w u h 7 w y z i b 2 G i Q a K J l y u 3 h B X o M h + A 8 Z L M A r b f a j H A a 0 y 5 f + k 2 X M w z D u 55 D 0 Z X Z h t v O t 2 G L K 4 s u c A U e L K k s 1 S R m d 0 79 + 5 v 45 L o f u n / M v a y + E x J e e t S o v o t S f R P P 7 T S O V n 1 u 7 s 8 i / 2 r l S + G 1 v 5 / T Y E h J 730 W / B d v P r H N h W L x m F K s u g 0 c 77 z Z B V w v N b B b + 5 p Y A W o I J a R J F 3 M i 2 i 41 K E s A d g V Y 8 q w / D P t q / j p c G h t w E 22 B / S d h Z 7 O B R l A I s l n o W j + M v m d 67 c 911 h U 5 Y x 1 k c n h B B a / E H 35 G Q E V 9 B 5 S I c c k 5 r j 28 Z T K p i + j h t v / W n q r C J 6 U Y K 6 P M T m F y L C Y P y l j c j g n o h E 2 k r N w y v 17 g e K D 0 Q a c U E i 7 A H m M q z 6 q Q H 5 n K 52 k 6 B G G Q P l M 2 m s M 3 p t U T l 20492 T x y i R 7 p v b e B K O g D K l C c 7 W v N R J x o b Z z E D F I k o g B Q Q m L C 9 o k A K b b n K p c h e d y X n 8 v r 9 Q X 1 F C g j 1 P O x D e / m R w E 8 N R 2 m n 2 H k c 5 r c B v W / 922 R j T V 0 l H J n g U b V y / Q N A v f I J Z n W l 23 / I U t 7 x 7 N P w z p D 8 V J 93 o K 3 l r 1 S p F h E 1 Z / 7 c k M C D W f E C W 9 o 7 + J h J E s 3 x s E 6 T J F V o X E P r 2 g d g R Z P v L w H 5 j 7 B R Z L e x c 7 u o F 7 x K D Y O y L 6 B 5 M 11 S 2 R R a Z P b a Q u n W i m a 3 s E c u X a z / u h 3 O z 9 b k T j 7 w k n Q 5 f r t S r 4 t f q K R q M z u v J 5 c L Z q g Z i B D b B O H 6 L U a j 7 p 4 U o 8 D P J d x T e r T 2 e r c 4e5 G j + O m t j
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T13:53:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--41f3bbc0-3498-4e46-b709-ecf8ab06b7f7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:21:16.000Z" ,
"modified" : "2019-06-11T14:21:16.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cde75b4c59682b1088ac09affa8a9d32' AND file:hashes.SHA1 = 'ffcba94f675e61f0b84e41163431fe62e8eba93b' AND file:hashes.SHA256 = 'bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54' AND file:hashes.SHA512 = '6e1d6b8683205cb6e4334183d92ae746c33400dcd1eedd763109b2246513cd7b03f49fe6c607686286d38817e2d23d694eb8f6ad551fcce58311079a76b3c4ae' AND file:hashes.SSDEEP = '1536:mBwl+KXpsqN5vlwWYyhY9S4AaFAFLZYEKox+2yZzOcJwqCsQ:Qw+asqN5aW/hL0FABKa6S' AND file:name = 'bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54.bin' AND file:size = '94720' AND file:x_misp_entropy = '7.4429543683099' AND file:x_misp_mimetype = 'PE32 executable (GUI) Intel 80386, for MS Windows']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-11T14:21:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1e50392c-b19d-4eed-b377-f9d969518f18" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:21:16.000Z" ,
"modified" : "2019-06-11T14:21:16.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-02-02T18:08:36" ,
"category" : "Other" ,
"uuid" : "0a544a91-ac88-45c7-b030-a0405cfcb72c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/bb966a50449436af561df9fb818217ff2c72ef3eea5b2f52646e3befe7d20b54/analysis/1549130916/" ,
"category" : "Payload delivery" ,
"uuid" : "70f70408-602e-4f78-8918-d0e24a4d06cf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "59/69" ,
"category" : "Payload delivery" ,
"uuid" : "aeab3071-f51a-4f34-8f4d-96ca079c2125"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--961d6906-3cf1-4681-baa0-1083e3236558" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:17:12.000Z" ,
"modified" : "2019-06-11T14:17:12.000Z" ,
"first_observed" : "2019-06-11T14:17:12Z" ,
"last_observed" : "2019-06-11T14:17:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--caf83adf-0962-5dcc-9e3f-8fef8fdab3a7"
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--caf83adf-0962-5dcc-9e3f-8fef8fdab3a7" ,
"name" : "" ,
"extensions" : {
"windows-pebinary-ext" : {
"pe_type" : "exe" ,
"number_of_sections" : 3 ,
"optional_header" : {
"address_of_entry_point" : 4237776
} ,
"x_misp_compilation_timestamp" : "2017-03-02T23:49:06"
}
}
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7996b4b6-4218-487c-b44f-b692014499a5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:17:10.000Z" ,
"modified" : "2019-06-11T14:17:10.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "9440dca8-a32e-4ea3-967f-a697cbe84b40"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "40448" ,
"category" : "Other" ,
"uuid" : "6ff23e67-08d6-4c9c-9ae5-3c8e52e16d73"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.9960482530521" ,
"category" : "Other" ,
"uuid" : "fb1b5b5d-83c0-4b37-9b74-ee5d3b7e0290"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "a089253c3119b6d705e6f8891c3efc7f" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "aa737ffe-ef31-4ab4-8cd7-4c5552c5b16f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "2d8a3402038ad0dbf58cc87ae1e13c0b88338940" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "59e347d8-7b1b-4852-bfe5-7cd6c7562382"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "cdb6cc8ce78283d4bbab3f1527e681972ec3310dea3d22c11ed461438b463ffc" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ed660fde-8117-42b0-94e3-4be833b2af18"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "cabb1030f9710181d127eb4352e7e1cedbee93b114e60b979a6bf8962e399146de0e759d20f852702be99c9277e5edbcb7936dde6d448c6ba5871d01d17619ea" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "78466251-218c-42f5-8428-d8cb08804ea3"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:bBNNi5pl+CVzfqqXHKuAZTAr4I9saBGpwpB7+Evlw1wTg2AyQoRE:bBwl+KXpsqN5vlwWYyhE" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c96cbe9c-6cd3-4c1d-aaa8-d0bca31f034a"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6553476c-da2b-4912-b792-1c1a66a974ac" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:17:11.000Z" ,
"modified" : "2019-06-11T14:17:11.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "5005c76c-5e6a-48fc-adc8-eac71e252c03"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "10240" ,
"category" : "Other" ,
"uuid" : "f75fc266-c282-4e43-aab1-49e80e286c0b"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.934634534506" ,
"category" : "Other" ,
"uuid" : "9547fbe0-98ef-4978-8c5b-3d81b67c09bb"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "ec25b0d78eb75da6d2c3442f37e14483" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "29f11f89-e436-4ea2-b4f0-a0ff57730a88"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "1d13e7c63fcef26e1525cf0e1fe6d1eaddc069af" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "deae458d-adbe-4ef9-b170-05690f092908"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "409f08d916d46107980530f3ebb777329742c891d12d78dfc7da4d84ae0d7378" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4dc58246-f784-4eae-a8c7-8a54deaa035d"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "46b388ef10cbe9659a98092806f4b145baead82bd88558376d6c2f8170f209ce1d48d0806fc4dada69ad580db3064b2d5495bf0283c3a2f364a21d4fea474401" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2ca32899-d9a5-4a30-be46-24cde81b25e0"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "192:dcbI+LyvzbIQusOo8Vdpk0rsJUiPKDkBMnRKE9sfb8e:GLe37usOo8Vd6ciPKDkAKBfb8e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b176ca0c-16d2-49d9-b9ba-f46bfb3d3f55"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c39231fe-0086-4273-99d8-af059f62726b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-11T14:17:11.000Z" ,
"modified" : "2019-06-11T14:17:11.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "d48fd9bf-3e9d-454e-a709-c0ae0066d380"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "43008" ,
"category" : "Other" ,
"uuid" : "11831991-0caa-4ba1-971e-04b99bf703f9"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9825769147348" ,
"category" : "Other" ,
"uuid" : "1947d27e-6d29-444c-b308-9f08f6a18135"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "0da80d06d2d6dc225daae951b2901c29" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "80af7503-9adf-4b9b-82c4-13db7cb504ad"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "87c60db200881b7f71ef5a6ab4c90539c7959506" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "faea2dce-ce15-45d0-9289-5a7b1bc6c066"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "859c6c8407b1f60ce3deea11cc41352c3f900aba6b7a808625850336fd39c2be" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "782eb604-c782-4064-a0e9-33ca42f225ca"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "6019897e209c2ff7921d5053b7432807f20f1165ba322b7026fc9f6f453a2a57ef60e41605f062cfa6c86cd4763b3de4f8e13419351228e742f8e925c0ce9af5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8ea56e36-c3d9-4ecb-8d30-07b36a35f357"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:rRuy6EAFLZYEl2doxbadck/ZzOAHJx7wHrLtu1CaRw5:FFAFLZYEKox+2yZzOcJwqCsQ" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e401c300-5d81-4a8e-9216-c5a0d7ef8351"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--25838701-d42c-420e-a4c4-550ba3063b90" ,
"created" : "2019-06-11T14:21:16.000Z" ,
"modified" : "2019-06-11T14:21:16.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--41f3bbc0-3498-4e46-b709-ecf8ab06b7f7" ,
"target_ref" : "x-misp-object--1e50392c-b19d-4eed-b377-f9d969518f18"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}