{
"type" : "bundle" ,
"id" : "bundle--5c25d759-4fec-4f21-a9ed-59b90a00020f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-05-24T09:52:19.000Z" ,
"modified" : "2021-05-24T09:52:19.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5c25d759-4fec-4f21-a9ed-59b90a00020f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2021-05-24T09:52:19.000Z" ,
"modified" : "2021-05-24T09:52:19.000Z" ,
"name" : "Shamoon potential samples" ,
"published" : "2021-05-26T08:53:57Z" ,
"object_refs" : [
"indicator--c091d73a-f69f-49ed-91b4-bccf41318fc1" ,
"indicator--c188cacc-e4d8-4726-83e9-45037f456abd" ,
"indicator--5c25d9a9-8268-48c3-a22a-4a5a950d210f" ,
"indicator--5c25d9ad-5d0c-4e7d-b44a-4364950d210f" ,
"x-misp-object--56a5559a-9b13-4b0a-a4df-82aef6ecd4f1" ,
"x-misp-object--6e07ffc3-1402-4bf4-a5b3-c12be1a92752" ,
"indicator--781698cc-3b82-4775-9b6e-a9b5752e16ef" ,
"indicator--a2270d1a-5324-48c5-a2f2-0d9656e54127" ,
"x-misp-object--6d2ea6cd-3988-4e21-93c7-d790cfe95bce" ,
"x-misp-object--86d676f1-4d5a-4f58-8799-f879669fafde" ,
"x-misp-object--55ee131c-0227-4651-84e6-595e84411fa3" ,
"x-misp-object--35b8f3d2-dc7c-4981-8831-d5f833664eae" ,
"x-misp-object--74c8d687-0ade-4e05-ad5d-b00e851e62fa" ,
"x-misp-object--14220d97-dcbc-4c77-9a07-dfb2fd365b9d" ,
"x-misp-object--1d433c6a-3ff0-4099-9285-f26dc57988ed" ,
"x-misp-object--45bbb02f-ab78-4ba1-819d-a3347369d155" ,
"x-misp-object--2cac037c-bb77-4353-ad9c-e17a172cd779" ,
"x-misp-object--a84f8547-af96-40af-8821-230616c09f53" ,
"x-misp-object--c10d11c3-4b8c-47ba-8bcf-59fe5cdd43ad" ,
"x-misp-object--aaa2916d-ce88-42de-b4d6-71244c10d7e7" ,
"x-misp-object--305a29ce-eade-4735-acc2-1c44304f781a" ,
"x-misp-object--8eaec159-c57a-4010-93a6-580ffa89ba71" ,
"x-misp-object--ef11870a-41f0-4f64-a83e-84fbc2eca7b0" ,
"relationship--86aa675a-0ac5-4874-8684-d2a9e935085f" ,
"relationship--8c74bcf0-f732-4c8b-a969-57caaf6ed175"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:tool=\"Shamoon\"" ,
"circl:incident-classification=\"malware\"" ,
"misp-galaxy:malpedia=\"DistTrack\"" ,
"misp-galaxy:mitre-malware=\"Shamoon\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c091d73a-f69f-49ed-91b4-bccf41318fc1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:45.000Z" ,
"modified" : "2018-12-28T07:57:45.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd0c3852e376423247ae45c24592880b6' AND file:hashes.SHA1 = '7335b8bdc62f35e2579ba18b91dc6227c586ef75' AND file:hashes.SHA256 = 'f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9' AND file:hashes.SHA512 = '6445a1840b8da37fa4104158177148bbe3924924fb5506311ef6482717b04df4604de265afb0ce1b78b1884de40fa12ace735131734a7f0e643a0846a235ceae' AND file:hashes.SSDEEP = '6144:hjJGkUt0bB7XcZ44T+H3r9skh5W4I2YF/sqLVu2sItWn9EQdhKLP3OxImqtextpM:hckUtGBYYWv/D4bn9EQMGxYWtJ' AND file:name = 'gfxprc_X64.exe' AND file:size = '639544' AND file:x_misp_entropy = '5.8820764880033' AND file:x_misp_mimetype = 'PE32+ executable (console) x86-64, for MS Windows']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-28T07:57:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c188cacc-e4d8-4726-83e9-45037f456abd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:48.000Z" ,
"modified" : "2018-12-28T07:57:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '5711ac3dd15b019f558ec29e68d13ca9' AND file:hashes.SHA1 = 'b18b92a25078aa5f23a9987fd9038440b58b9566' AND file:hashes.SHA256 = 'c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9' AND file:hashes.SHA512 = 'b87ccfe6d3209d4d52046529ecb4e8f96762db0bf8dd57954103da71499c7abd77289e22e8163dccfe13cc2f0edeacab30661ad5de4434508a930e2809cf72db' AND file:hashes.SSDEEP = '49152:t5ZrCJlfgRPdpes78CqH0LZtfoiFDIH+pPKo+CL:t5VKep9mUVtQiFDIeoo+CL' AND file:name = 'gfxprc_X64_pro.exe' AND file:size = '1800560' AND file:x_misp_entropy = '7.9846060599154' AND file:x_misp_mimetype = 'PE32+ executable (console) x86-64, for MS Windows']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-28T07:57:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c25d9a9-8268-48c3-a22a-4a5a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T08:10:00.000Z" ,
"modified" : "2018-12-28T08:10:00.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' d 0 c 3852e376423247 a e 45 c 24592880 b 6 ' A N D f i l e : h a s h e s . S H A 1 = ' 7335 b 8 b d c 62 f 35e2579 b a 18 b 91 d c 6227 c 586 e f 75 ' A N D f i l e : h a s h e s . S H A 256 = ' f 2 b f e 0 3 e b a c a a 96e2897 c 8 c 0 1339e1 f f a 8 c 2222 c 3 d 6 f 89 a 76827548559 b 93 a f 9 ' A N D f i l e : n a m e = ' g f x p r c _ X 64 . e x e ' A N D f i l e : s i z e = ' 639544 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O N A n E 18 K P w 4 y c Y E A D j C C Q A g A B w A Z D B j M z g 1 M m U z N z Y 0 M j M y N D d h Z T Q 1 Y z I 0 N T k y O D g w Y j Z V V A k A A 6 n Z J V y p 2 S V c d X g L A A E E I Q A A A A Q h A A A A W 6 M w 3 y m R d 7 h y x S x b + 7 E C n R v N 4 w E w a 1 x D J 2 s 7 K B d m m 5 E H 7 V 7 h 5 E D A T s 1 a P A 1 V t Y r m o l Y a j S I / O j 6 w 5 Q Q y E P E p U i V x v 9 k m Z k h x 24 V T 4 O I 2 I O B e 8 U f c D A l l m Q X A R K 1 g m t / H V S Q x f P 1 r c r p X d H 2 J r / Y m d F a m / j d I V W r X 8 F I R J e f I m 3 X e l t P R U a J 0 s L E f o Z x 2 Z B L D u I G C 2 V 5 G S v v 2 C a O g 3 r s 7 J 7 f j d z l X y W H G U n K N G U a K 1 c U U 9 a J Z D U E w 4 t 2 G i m S Q w 0 B R O T + h + W M S u v 8 V A J A 3 f g u f I L k P v S N + P w W g a W A s q K 37 c Y 6 O h H d e + f l P X H f 1 r T G z D I D F V p l M s D 0 R X z 7 P d s 8 H B l n I Q R 0 K p X T p n a Z j P 9 r g G U l 0 j K F u a O T H P 3 m Z s S A K V I 4 Y S 9 o R j a f / N l 6 j n Y 0 s Z g s Y t l d T 2 o j k s / n z m g l i D + o y X 2 f l U p K 17 i 3 q s V 973 s n c j b F S p k Y u a q K m i X E E q n O t e J 3 m 9 X v u 5 h l P z 2 j 9 E e U / L S 9 e m p g / e J o x O C k J Z H N F z a 3 R 1 w l x c z 5 z 8 o 1 u 4 m 0 W v c I I G 1 E e q m L 16 y 5 b L b p d D G g q 6 V 3 e G w e I v z 6 L 0 t i h e Y G 2 I d G h V 7 W K Q 5 t u i e K 4 m i p e E T h k y p y l w U B c X 440 w L O F 50 X y g z c 71 N 1 y + K 2 B n W g A w + 1 K C H 
M 8 G G H z I O s s O k N 6 M O e Q 89 b A U N d e Z Z M y W 4 m 8 p m r l q 37 P c X q O E l 6 i + M G T f + e 9 + b O H 5 W 6 A X j D V W / n / f S k X u 7 / i C I r o 6 V K n R s H F J m 7 N 1 Z 3 T w A k V p F d T I E x 6 / c p 5 r 9 G o Q x J 9 e C J K J u 80 h 0 u D 1 a B r n 4 R M T m X + n i w m f m e n h Y H R y F 2 W d n Z a F n D S q O M Q 3 x x 0 v v 6 D 7 + J 0 x I i 52 M T B d O p p d l p 5 k D n C I R L l S e 8 n f z 0 5 k + a t f D X M N 1 l E Z N 28 q 80 j 8 P J T q d K Q 1 U t M y B x v / V f w r b M o K O s h c u A l B r J u a g r l 9 z 6 Z O Q N 3 I 12 j X O 1 j L m x k W i v u 0 D u w 1 V p r 7 j n O K F 8 l p E s d j P V C C H 7E9 N x e F g B q h B N A P s F v r u u m 8 O J b r r K Z m N 7 i A n 7 g r Y N 70 z W o J I w C u C X Y n d P + f w M z 21 W / y / N r 8 d O o A L T E t W H q I w E l Q t n e Z J n b f g e F m n 9 k s H M A e b u W 9 E m R U 0 B x i I p N O B c U V f c R Y D u p 5 Q 1 d M k P X Q o Z E h T c Y Q 63 O L T 6 Z L a X S l 116 U o X 4 Y O 8 i S z Q 6 a + Y n Z S Q C L K Q I M X i W 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-28T08:10:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c25d9ad-5d0c-4e7d-b44a-4364950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T08:10:01.000Z" ,
"modified" : "2018-12-28T08:10:01.000Z" ,
"pattern" : " [ f i l e : h a s h e s . M D 5 = ' 5711 a c 3 d d 15 b 0 19 f 558 e c 29e68 d 13 c a 9 ' A N D f i l e : h a s h e s . S H A 1 = ' b 18 b 92 a 25078 a a 5 f 23 a 9987 f d 9038440 b 58 b 9566 ' A N D f i l e : h a s h e s . S H A 256 = ' c 617120895646 f 73 b c 880 c 0 a c a 18990 d e d a 3 d b 9 b e 0 3 f 6 b 3564013e26 d e d f a 3 f 9 ' A N D f i l e : n a m e = ' g f x p r c _ X 64 _ p r o . e x e ' A N D f i l e : s i z e = ' 1800560 ' A N D ( f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A O V A n E 2 Z L 4 r Y b j o b A H B 5 G w A g A B w A N T c x M W F j M 2 R k M T V i M D E 5 Z j U 1 O G V j M j l l N j h k M T N j Y T l V V A k A A 63 Z J V y t 2 S V c d X g L A A E E I Q A A A A Q h A A A A V x 1 + W u 9 d 1 + B E 1 F / e W P M H q F 9 I 9 C 4 i F / A r B g G 74 o z P c Q v Q C 5 q z I o 0 d r V t 9 K 7 F T T 1 b 6 l w 8 l 9 I 0 v 2 T F u t M X d p 6 C j Y K J L M v 2 b q e Q f a I 7 U u L o R 8 + k N q g l L H e S S H B x F D q o G a 6 y E 92 o s v s W V w r 1 P D + u i G S 8 O T d a K 12 u V M p J E 7 B 3 W M y X D t i 8 O I R 1 n Z h 1 y F 0 l C U j E 3 I D s w f z C O u X / T 5 N O 4 p 5 Q n Z p 34 a 509 l Z 2 O r V U g f b O o k h b b h Q d 6 t w r 0 8 s 5 K 4 S w Y j I a 1 g l + 8 p F 5 H 6 b 4 G I l / c h r 0 5 q b 9 H B s z j F s b j q 448 y W 4 u k p u e z Y + i B b e S 3 j I p b g 9 n x f X k X U i 4 f 7 W h f P w Y u t 3 T y J s N V 4 b U 62 V Q I Z v 41 j T 63 W 1 N g A h C o P G f R e t v 4 M O n N I n F q o Z A u / U n L i R L B N j e / L 40 m o f c 2 J l 4 S 0 i K J U B K 4 Z Z z I l s T 7 H n g L p U P I 0 D c V U s C D w f L W z Y y C D 59 C K J c q Y v 1 F / K V m X 9 Y d V W q m e 3 W t p Y G 5 w j f 0 s r V F G q + l s h X h t h V w O T W f T T R B k D V x t S x l c Z y r a z v w J f 4 R g L a E q p Y V y Z m N E C Z F s 4 Y m c O k K Z 7 L c O g 5 g 2 C j y u L v / 9 q v A 21 A N X 0 a m 88 y T r E c 41 I G u q V Z T r 6 y L h S f 3 e R p K f L S w P R L i y X 2 N 6 o z 7 X C m D 
q o b V n o 6 J W J l n l a i 3 M J C P g T 7 M i L 5 P R 7 B i M L E N t g 7 v R t L N 509 / A o z g l G 10 B c L 4 j m J n 33 B y V r 2 v 3 i B t O K 2 S z O R V 3 J 3 n j m D P b f p L K s L q H G C 17 U o 6 n v 0 D t + D w G J t r E f y E n A / L G P H w p V N p z 5 d E q 5 T k I E l d + z l w y 9 P h y U T F j b n 4 E a R p O C j Z E V k a 0 34 I U k d R t c q X r K s 41 P s l U 6 R G 1 f / w Z B 1 P H + B k m 12 U d S J V 8 m h x E / B i t E 6 / g O r L h y 9 Y 57 D A j Z N V e F F 8 S U P g + d Y T 4 N h d r r T G M D S v 73 z E 2 e w U 8 D w s K 4 / 5 O 36 G z J A l S B S Q P N m L T d 2 E x 0 q x m b f c 9 Q g G 7 d 8 h U I b g b i J B s o v i s s E Z A 93 g f k N J B J D D p x C r g q Z U q 4 S 3 K H A c V H q 2 J M k V F u J 7 d x J U b l F i 4 e Q b w V T C M Q j V Y C O t Q L Q x y O m w T X Y o t E 4 R Y / + O B X O 3 T K G s m j X W 0 7 a 1 b W g c P f G e m y y R X u T S 5 J A I E E x R o M P v T K e 82 / G S K q R h A I p / 8 W 48 H d k s 4 X L r 1 L s 9 V R 9 k 8 B y B G i C Z 9 D o j V N 4 H g h / 7 n 4 M 6 y j z u D 5 Z V T e s e D R h w A w V l Z K 5 p M m m T 6 t o g y q n + G y f 8 X e R c r Z j J e l A P m 3 R V o F q p R M I 1 n z 0 I k b j r t b y x U R X 8 C j x 4 N p r N y 1 c 0 6 s z s x N i U D 8e5 H D 9 q z r r n V h 7 j Z 477 F 5 y r Y 9 v J i d K d K F / 4 X E q 1 n l u d Z 7 V x P z R 5 C d Z W I 8 k S H e 39 a z q p U b P L E o 1 J I I U / J e G w Y 9 f j U v / a u R B o f w N w F 5 L v w e + z / F e t h W N f z E f U a Q S 9 I V b m p E d / U x G q 5 x F d H W n / 8 E r d T 1 X i t t T P k u Y s C Y T O K A j c L u c x 8 z j F c j W b W x K e C Y f G M w t 2 d a e P H 79 b 0 x c G g U I 4 V i U O w P E p K Y 55 z v 5 N 1 M e 0 m u y m Y m o N v v r H I 93 G r j E O h F k j y N q q 2 d B c X q B 4 P E m S I d r x T i j U W s + 5 b D k T Q W F D Z / f j d X x D G C t r q s r R d G F O r M p 4 k 2 Y 6 U O g j / v T 4 l F 0 f D n s i 5 q g w Z 4 t + n j / Q V Y G 1 k k w w Z o q B i 3 S e p W t T A f b 474 i S p Z i I i 6 d q 9 Z + K 
Y g s X 2 N E 1 X L b z N 3 J Z Y 0 f i d C 1 / T 2 p q 4 i v q b 9 w 69 Q U J J c T Z 66 B L R 3 S H y z O Y 0 D Z f p a 7 y e v M 4 n E 3 p 7 z C t l F t h 20 H z b g B 7 C x F Z D s I k q t t m c p b 2 N j J f b Z J 7 g g P Z B + j 6 W l n L Q d / 5 l g k N Z l F 2 Z + k e K k f L s Z M 5 / c 1 + K / 1 g 6 Q 5 w N / K v t o C a n J y o H s T z v Z w R e 38 j T 3 U m P L 7 q k K U O r + H z R U w y h X Y m H C p g 5 V Y e J P h 3 O 1 B r z m h Y A Q p i c d p G R + F r Y 31 H d 3 a m 83 a R g j f P A F / c F V K 4 I i e 7 G V e O F j 4 P K 714 T W p W 0 G U d j N q h B H M + w u 0 T H f n f A d Y u z 9 D x H b L w F K O V 428 e S T 95 h a 0 A 6 d w U r c n J 9 i y y 6 E R R J g F W r G 8 R 76 I r 56 O d t H J A a 1 q K z Y h 1 q X Z 9 I D b Z 56 m G r N 1 M i f Z n o V V 0 z l d u g a 0 I n Z h t h q g c U E q o b k A f Y E x q d g q J v e M B 8 i s D k 8 k W O 4 + B b H S 1 T i 1 M 17 Q K h v s t B 1 g n 6 Q z v c y k C w 51 y 8 b f S C 5 f D y k M V d 6 b q F M p u Z v x 7 V d g s + 3 C 3 m y i 2 S F J 2 q 8 Q 9 R Y 3 N Z O Z 6 a g 7 b Z Q A e m 7 / S d h V 6 O 51 B G u b K X Z E y 3 e M 7 H o + n q b m h 5 j / 8 R 5 + 3 M s 5 g h u 726 Z l M d j 1 T 5 m 7 t j y 1 w f l 2 H 5 U I J + w V w 5 E b k X w q 0 L X 8 M a o N / m N o G Q 6 T L U A H I q M Q U h C u 1 Y g V L G t 4 f i q e G T I k 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
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-28T08:10:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--56a5559a-9b13-4b0a-a4df-82aef6ecd4f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T08:10:01.000Z" ,
"modified" : "2018-12-28T08:10:01.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-27T21:28:09" ,
"category" : "Other" ,
"uuid" : "e8dacdf1-e25a-4f71-9655-bf1d31172fda"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c617120895646f73bc880c0aca18990deda3db9be03f6b3564013e26dedfa3f9/analysis/1545946089/" ,
"category" : "External analysis" ,
"uuid" : "45c36174-6704-4cfb-b63f-8d9e23940331"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/69" ,
"category" : "Other" ,
"uuid" : "c1dc306b-c1d5-4566-9952-c29f64f637ce"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6e07ffc3-1402-4bf4-a5b3-c12be1a92752" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T08:10:02.000Z" ,
"modified" : "2018-12-28T08:10:02.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-28T02:53:45" ,
"category" : "Other" ,
"uuid" : "ba0949ef-5657-4508-97e4-6e07b6bb8866"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f2bfe03ebacaa96e2897c8c01339e1ffa8c2222c3d6f89a76827548559b93af9/analysis/1545965625/" ,
"category" : "External analysis" ,
"uuid" : "7ddca53c-ab45-4472-8f8c-f152791a4132"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/69" ,
"category" : "Other" ,
"uuid" : "ac0b4a18-7885-4dba-91d8-9198d98b5c92"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--781698cc-3b82-4775-9b6e-a9b5752e16ef" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:44.000Z" ,
"modified" : "2018-12-28T07:57:44.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '6' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '5368844388' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2011-07-15T16:10:08' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'PC-Doctor' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'PC-Doctor' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'PC-Doctor Hardware Diagnostic Tools Update' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004E4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'PC-Doctor' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '6.0.5205.31' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Hewlett-Packard Development Company, L.P.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2009 Hewlett-Packard Development Company, L.P.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-28T07:57:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a2270d1a-5324-48c5-a2f2-0d9656e54127" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:48.000Z" ,
"modified" : "2018-12-28T07:57:48.000Z" ,
"pattern" : "[file:extensions.'windows-pebinary-ext'.number_of_sections = '9' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '5375569524' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2011-07-15T16:10:08' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'Baidu PC Faster' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'Baidu PC Faster' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Baidu WiFi Hotspot Setup' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '1.5.4' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004E4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '1.5.4' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Baidu, Inc.' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright (C) 2015 Baidu, Inc. All rights reserved.']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-12-28T07:57:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"pe\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6d2ea6cd-3988-4e21-93c7-d790cfe95bce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:43.000Z" ,
"modified" : "2018-12-28T07:57:43.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".text" ,
"category" : "Other" ,
"uuid" : "a34dfda9-349a-4179-b8f4-7c843907ab69"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "227328" ,
"category" : "Other" ,
"uuid" : "84168bdc-0492-468e-91d4-edea671774a7"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "6.1008939139977" ,
"category" : "Other" ,
"uuid" : "a7ad194d-2b27-4842-9e3d-9c195ae42626"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "0e05445913d343ef7ef8af7fff6caf2e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "162ac6db-5f2c-4a33-b572-726eb0cfe1e1"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "7e39a897146b73b023c687b531c90c0b952e84d4" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6a28f965-d233-49ed-b0fe-be3099f33f92"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "a0afde35dc33c0c03922626b0d699efa15764c9c063e4337cb236bce12e46803" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "254fd4c6-f389-451d-b9b7-52d0d37e57d4"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "3aef50c5906bc3ccbff9a1eeb8b560dd6d6e48500713a9ec5c3164534b37f3ca0f7b88c4495a793b6d255d8daa9b6d0faf3610ceb8e792a9e0e4f4086e4d75e7" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "848fd7db-6e9e-41c2-8d98-df441f8665e1"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:Iz8uJGk1itXEAgB7XcxTULy44T+H3ry2skQG5W4IiR838:QjJGkUt0bB7XcZ44T+H3r9skh5W4I2R" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "84c7ded6-917f-48d5-8581-2416ecebb37a"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--86d676f1-4d5a-4f58-8799-f879669fafde" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:43.000Z" ,
"modified" : "2018-12-28T07:57:43.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rdata" ,
"category" : "Other" ,
"uuid" : "8c595994-289c-4420-b94e-993ec49b7caa"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "42496" ,
"category" : "Other" ,
"uuid" : "f046161c-4c3d-4ad1-a7be-a1192c07ff19"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "4.6716861974421" ,
"category" : "Other" ,
"uuid" : "1d1c362d-d053-4dfc-847c-85eb8a6c35a4"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "dc8978bbd3faf0f5bfbef34960349ed0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e917647c-07bd-4429-bbc6-e7f6991ebcc2"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "f85dfb0c5bf736b34c1466d210a76ded4aa6ba2c" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "283f6c30-6918-42e3-994b-f537af3594bc"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "434db3256589cc1a4b06121d07e944e5562fd90240cd3ed09842a029df2dd8c1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b3043bf1-03ab-476d-bd2b-bba4993d8bb4"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "32e420c153acfdad372445924fe394370bfe1e57605f38636440d12147d23ef7ce4f0a6e50ecbf10d056fe5ef645d1ce2e108c1259b1212aa46764599e462c18" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "bffcc72d-89f2-4190-b8e8-3bc1889f6568"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "768:IkUFGXakD2DX6+bf+GxsJLk/+keLxtRMm3btcSNk6wb7ts42zgg:IUMDXB7+Gxsli+kobEfyZ" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b6f9a181-1827-43ba-b02e-b91ea50ae363"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--55ee131c-0227-4651-84e6-595e84411fa3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:43.000Z" ,
"modified" : "2018-12-28T07:57:43.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".data" ,
"category" : "Other" ,
"uuid" : "1c619cc5-b70a-4674-b0c5-6a5869a82179"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "168448" ,
"category" : "Other" ,
"uuid" : "9414cc34-5647-4999-8ba6-a4869bd013a9"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "0.88156694374417" ,
"category" : "Other" ,
"uuid" : "d455578a-a933-4ab7-9ff2-a3a3e17de125"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "0187542b3d3206b1b8150429cf4d46f2" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "72829a15-6aa2-419b-9dfb-e830c6324963"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "0fdd336b35c42877e465aaa7244706819967392b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6f674c31-d9a2-4ecf-bcaa-ab7c69f853c1"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "40ee86720b3f7c2b790361245d4b9671dd9b8c655c565a486c70388a90d002ae" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a76fe5e0-411a-432d-9f39-bdc532328bf0"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "1357c6f55a578f61d526f6705198c0e658dcb5c4532944cf7c6cbd26cb6134c8f3ae7431e471a762b6d88c04cea090a48119da33a03fea0c34fd9cd927e292e7" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ab9db1da-3f04-4e9a-b0d1-f7780712eb7b"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "384:bm2kfRpZDJZmLRUuk6c49ZFp+Q5PvMpyWUaApcx:bqTPmyOcgNLkKs" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "91b141d3-e4ae-45d9-82af-71f665b75a68"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--35b8f3d2-dc7c-4981-8831-d5f833664eae" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:43.000Z" ,
"modified" : "2018-12-28T07:57:43.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".pdata" ,
"category" : "Other" ,
"uuid" : "3f05b433-7111-43ff-b305-d5cc43a2b9e5"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "13312" ,
"category" : "Other" ,
"uuid" : "f26a30f9-1dae-4c0d-b566-ce472b62af0f"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "5.5097110428088" ,
"category" : "Other" ,
"uuid" : "a8861fd9-3ed5-41d5-af85-431a7ffa14fc"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "0662a28e65e22519d99668ac8c612770" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "dbcf30f4-d24d-494f-877c-4234d9dc5a1f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "4c9bd3026cdbdd8465f2f9b4fc7efdda8a01492e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e3af291f-557a-4dc6-9424-9bd1a2cf76d5"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "479b42dcc05eccb1bd9b278dc3f71a03d0a15b0eec6863baf2843c8b910de1ee" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "2540ce18-8e83-4a2b-aa43-4091ad781965"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "b68487b1ae3855c5ac2276b200e89b6d37ace9fc12b412aefb4b4aa845587a347d655ae324c9b497758b4135d0ff57be64e2a409c08be7541af17d1d60fb41f4" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "83d79ce6-d474-4489-8fb3-a9c226b539b6"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "384:AGRZqhwRmmOTZ83vaBrbOOuKLo5u3S+jp+G3W5:5R4h2m/TZiarTu6S+jp+sm" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "52d622b5-46ce-412e-9445-33441a5e1e35"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--74c8d687-0ade-4e05-ad5d-b00e851e62fa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:43.000Z" ,
"modified" : "2018-12-28T07:57:43.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "735b2433-2a6e-4163-983d-d4b2736da6c7"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "178176" ,
"category" : "Other" ,
"uuid" : "bd879bcf-90ad-4531-89a0-b1bbd21dd5a2"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9615599049273" ,
"category" : "Other" ,
"uuid" : "508eaf0b-8c61-4e60-864e-1696efa923ee"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "50d7fbee853a4e85c8774541baed7450" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9279aabe-4c02-4565-bedd-5028ff469dbf"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "0bf92ada61fec0bdfe0c225ab918a390cd5cd96e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "06802101-82ff-4f01-afad-9d7229a60584"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "9d1987fc565c410cd9e62c0d549824ed574a3f12ba6a7fd55fd29c3846c8d194" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f30c604f-f9b1-4674-af6a-9ffe223ea349"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "8213ed90c7395fb7667060812f319dffdeecdd8b9a15df320d0cd9f2ce46977003716be4abd5c7e1d995978bf6e3a32c5cfa2c44da88cef13de7938d92c83254" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "cd7e356f-9f75-402c-8a7f-bd69179d329b"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:vPkI7w2dWn9+xQdhh4/xc1M31WH0THsOCVBz9amqWAl/l6hxrgQpTLEM9:vsItWn9EQdhKLP3OxImqtextp/Ei" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "420945b5-6880-42ff-a3c8-d642c14c004a"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--14220d97-dcbc-4c77-9a07-dfb2fd365b9d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:44.000Z" ,
"modified" : "2018-12-28T07:57:44.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".reloc" ,
"category" : "Other" ,
"uuid" : "a233eb41-3db4-47fe-a9e0-651c6feed212"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "3072" ,
"category" : "Other" ,
"uuid" : "594ab256-ba20-4f51-b861-50047b296ff5"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.5959273270587" ,
"category" : "Other" ,
"uuid" : "dfe03f78-6fb6-4d64-a66a-90270f603f53"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "c38d6b4dd72f6c203b9b6e6f7b600c95" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "964a7716-0648-4698-8d11-27a4126a9b9e"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "0664d776696abe79a6c1847a2678c89d7d52e643" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e19ae793-3c4a-453a-b39a-49c21689b204"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "34ec2817a0ba5a3761e0d5c570e14a712babf9e5589e8e5865d9f8ddc033a05e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "245257fa-c390-42c5-9d49-0629dedade4a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "fded8ac76d489b9311f56aa38571c356bb2b14af2335b5c2738cedb77d58f3ac5f70d99ad1ba68d8133037ba450d41981085da6a6328dbf9109371add2890ac0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7b3337a9-0cf9-4d3a-8420-634dd8104793"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "12:vqAG/n4n/oJFM3EMUH8FMsSFng9HoAIgo+hK1vveQggQHHHHHoAIgoAI+lKs0gXE:uM3EMUH8+heFuvvgRKs0q7/UklsJ" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7cedc476-8221-4825-8ac3-7770d2331514"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1d433c6a-3ff0-4099-9285-f26dc57988ed" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "92160" ,
"category" : "Other" ,
"uuid" : "30ac3be3-d59b-4cbb-beba-ba0c7d315548"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9976290331568" ,
"category" : "Other" ,
"uuid" : "91eadc8b-3481-43b6-9cc5-eea1d046ad56"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "0df19b2f4a86d4deff0d9d1408238808" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "98b6802a-b551-46ae-bfa7-a478fc2ae529"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "7dbbf319c0cbb7d598859caae37bdca71a510cc9" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6ed412e6-e69d-48fd-94ee-fb110ac99155"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "c83c72127dabeae4a2c020b348fa722e6b458f9f42fe1056d2890f45b8f388a7" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a89c3ddd-f900-4df8-82a6-e48854883950"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "92fb2a3f70ffd15ce4a4ecd244458ebbf7d4760c5a149f898e4439c93e3cf240c6d991e33082d612e05f11678f4ca144b12411d55f66ace0fb5ce97bb77cc476" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "17363175-bdc4-4b9b-a05b-faffe031902e"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "1536:JCLlRNzYX9gJXNwDcmBmzHb0q+GPlhmtTVpwhEnrtOqiUzP/aRN/lD5PPmL:JgN8IXCDpBmc6PEnwhOZOqPzncDtm" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ca8d58cd-8382-4cb9-a6e4-3f139c265f54"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--45bbb02f-ab78-4ba1-819d-a3347369d155" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "13312" ,
"category" : "Other" ,
"uuid" : "fab3a50b-f934-41d9-b326-c760d61bd4fa"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9456438323275" ,
"category" : "Other" ,
"uuid" : "049db129-e1bb-443a-ae58-253a854f3337"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "e4abb06763d8b59b2acd6958e35757e0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "dce691f4-ed1b-4b50-b04d-01c46a8d62e1"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "ca09c0c8a2440bf06295e930bab7f1f8cbb60faa" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e37e3586-2647-4cb0-abac-a7d7d7c7fdba"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "88e0b04681abbe603f4f4e160e972b8172baf7e87e055e5b27b15cd13ae0722d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "8e3148d5-da37-4914-8e65-32c73cbfcd0a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "2adecfb2eabd9d91aeed0be5fdeaebc9dc0af5ab2de034be8ac0e4b48442a5cb85a589674cfff6354981b53b6ce1d9d29ed4863aa6dfc9cfa90f653ecaf5ea55" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "07652f70-1946-4873-909e-0d58096bfb30"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "384:WUh4A2lHA8lRg0IdIjQE6O0Kcte/5FUS/0Bkx3qpydLhXW:T4lHpqtdKQENh+580Bkxa" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "a41972e8-b67b-46ec-a49f-5d6c58e20314"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2cac037c-bb77-4353-ad9c-e17a172cd779" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "11264" ,
"category" : "Other" ,
"uuid" : "7274e566-d4cd-4e42-a495-18162198e054"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9415040964491" ,
"category" : "Other" ,
"uuid" : "da383770-4732-4d9f-8ba4-a456dee19709"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "b5916eed7f9fc8eef435f6930435391e" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "cfc15a95-0e80-4acf-8eca-2497640ede93"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "3df10439fc781d94dd09587dba7f4b6ecbb95ea0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1be86d2e-1979-416a-8d62-b3e3c1c511b3"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6063e5ec0f84f451f5baaeed515818df9b36f02f38608f128ba9c15dac340dd9" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9c557939-3f17-4ad2-86b5-71068f4565c9"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "4729c85c03958b286289c3ccd49fbadb8335ffdd133ab091077917c3d80db05f1b3f7217737502efcd2be2d70824b1607f9f6a7f10157a631d0197b472804243" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "6095d436-fa7c-449b-beb1-b5b1518a3915"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "192:m1NaO3dPdfbn49IOIZ2ivbkvG1nZ/URcFqXJwVSPNfZBs5:m2IPdsS/MivgvCZ8RcAXJwIPtHy" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "87241bd9-3619-42d1-ba9d-ff3d021f4465"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a84f8547-af96-40af-8821-230616c09f53" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "7680" ,
"category" : "Other" ,
"uuid" : "c8341732-8cc8-4f4d-a13d-efa2b9d30ead"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.8320185946322" ,
"category" : "Other" ,
"uuid" : "2cb46601-cdb1-44a2-921d-7845817a194f"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "37b2435a5411df97ec7a28433f267359" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "aadd90f6-ff3a-4778-8ec4-cd248fcdc8a5"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "6a77b8e957bcb877ba637104ed304a9e45cc4943" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7870ecd0-a250-4c0d-b76d-ef622d375aa0"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "ee53e1bd592495987619f9366eb65f97aa5908721b65dcb33b82a5857c5bd01a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e217e261-9397-4e4f-b494-f2d17182cec5"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "1d2ff5cfce297f456e8e4c464246c5dac6c959d70fa50b40cb2c65b7daee569576897ee259a89bb5801ea4223f95e22fc4be167e059f59bdda623be9db7bf074" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "3417cef5-2c09-4cb5-b886-bb410c2f119a"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "192:Y/zvRxuxKyfCs4ATLeoBYSA86+g1yTz1KkMbtNzM58fl:gvRyDtTL0jN1yfQXbHS8" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "55898f1d-df42-4eb3-bbff-aa04ce325a7d"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c10d11c3-4b8c-47ba-8bcf-59fe5cdd43ad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "177664" ,
"category" : "Other" ,
"uuid" : "a79fb449-266f-403c-a03c-bf367a56d97f"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9989145284078" ,
"category" : "Other" ,
"uuid" : "18f0897e-2a39-4e13-993e-db4cd75deca1"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "265ea2f012973e1d1d61a2a3b076257a" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "82c1c4c4-0e33-49e7-b697-8894eaad6344"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "dc31ae1d8cb037aa186feaf0ca51a58ac28607b3" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4a67da00-a140-4817-b94a-4bc614935f36"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "656447600a622143ed38cb8f4eb37e0e4c05b7feb1287b80b06153c4336494e5" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "ac3826b4-15eb-4e20-829b-d685c0ab2d8a"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "f2f50fcad565b70fcdb8ff90cecb52e33c5082a1512ef1ae37c21e9eb9c8f9ce3244cae70eff99b9196fc0542d62fbe2d804f609839077c357d0e93bbeed353b" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e29c8665-0b41-46c8-b329-84104e383c65"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "3072:Ht/z1bfLOtbUtRuC066GgbFNL+5reOWHxYfCrPaZEvYoTWOUJwwMoNJH3u3J2qFr:HtNfwbUtRuCr6zjAnWH2fKbYoTOwJ2qJ" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "cc552ba9-bef3-4d02-b00d-2db88bdc151f"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--aaa2916d-ce88-42de-b4d6-71244c10d7e7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1536" ,
"category" : "Other" ,
"uuid" : "7d134479-f575-4cd1-a81e-669bc0424893"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.8485683932965" ,
"category" : "Other" ,
"uuid" : "e950946c-cf9c-4eb9-bd08-26948b08ebbc"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "247b6cf36ce0933afa9245b77c824fcd" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f295771b-bf2a-418b-a366-486445e6cb56"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "bbfcca07ac95f5180093ace4e08578d68f8b4adb" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "22e8029d-bdce-444a-b8fc-5e45dcf46c7e"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "9377716dd6c82bea0481dc2c7cc4b95db53fd7cac46e9bb124efc9614a273d56" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "081c5173-c5c8-43ae-9b71-e57c22586152"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "a138e7f213e1f407a45798c1729ac29a1f9a9016015245b39c2bbfbe1c30e04b56ceddd76dbc30f475b82611359b4201ef474fb2e2aeb30d10607dea598ef535" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "9f176ab6-2002-4a73-8142-a350a4e17d8e"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24:4Ax28T++ItP48LR9WuuYMIT/FhJSjX9Y9DkW4gDelksrS5Jgibd7KS3GagJ:V28T++IW8t9Wfwdm9U5ClksrCt5PDgJ" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "34eb84bd-95df-4fde-b708-aa8d8c514ba9"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--305a29ce-eade-4735-acc2-1c44304f781a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:46.000Z" ,
"modified" : "2018-12-28T07:57:46.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "name" ,
"value" : ".rsrc" ,
"category" : "Other" ,
"uuid" : "a01effba-b5d7-4c03-976d-5f4e232247f0"
} ,
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "2048" ,
"category" : "Other" ,
"uuid" : "1798bd0f-70a4-439f-b1a6-b17f3260eb46"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "3.6116064980795" ,
"category" : "Other" ,
"uuid" : "982a30b4-1279-493b-acdf-c59a7a9b0beb"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "deef08361c6418703700a26d487c6923" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "f9c9d8c7-493b-45ba-a0b5-2424e39f204c"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "0fc03aa527f31489f2d7a9d6bdf548c738842b00" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "4e0cdee3-50a7-4fa2-ac99-279f3615a7aa"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "c98dc270e01c2bebfb3986787f686824f6a50c4fc567bd29ddc6ac29f6e8d1f1" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "b3c3b15e-f092-4438-9423-a2747b9eb967"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "4cde259a1851d8b920154edf27c7c6be9ab7d36051bce33a5798ca25445e2ec36c1481c62769ba86eaa0dda7d9fce7a300fd174f9c23230b432bb033f2a09501" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "3b68cae4-9b2e-43ba-bbee-c2a88adace0b"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "48:G0XB1vlDacmj9GZFCufNfInFC/cTTqgCS:G0XLvtmEUuFQnULgC" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "5ece4e7d-e7a2-49c8-be4b-8999219dc1a1"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8eaec159-c57a-4010-93a6-580ffa89ba71" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:47.000Z" ,
"modified" : "2018-12-28T07:57:47.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "245248" ,
"category" : "Other" ,
"uuid" : "a6522915-89a3-47ab-a0d1-c3bc8359d50e"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.999104414694" ,
"category" : "Other" ,
"uuid" : "bc1d6325-1952-4f46-b388-0565fda420fe"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "a89543a93cc6103f08eed75483238d18" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "c4b38c1c-e64e-4d57-891d-029613ef699f"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "4527506910921f4b168236078a1a3f788bb62069" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "66b65ad8-5f98-4462-aab5-e47a7d4563bb"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "6f8cf2d401feb2025f8ed0353638ac4e99de94b60fa5b5d4036faf5060c5d73d" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "0cc5cdf5-fb6d-440c-b08f-ab8ea95ed25d"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "b8f96b1d006c1a137907ca2143ba48577fc72b97217fbd02615f4c34b6df3a47c2ddf1c86c78e950feb2dc8c6c43dcb397ff3c201d49de5ef2106ee3ad1654b6" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "3075f13a-a4a6-429e-ac27-e18716aa10f5"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "6144:L2F2mSt6wU+Y0PuvZVOGIh97gtmQVJCqklJhvmlLmMzeabg:Lnu+Y0mvLOcfrChJhvmliMI" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "3dc54be8-f6e2-460e-b17d-1891cefac070"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ef11870a-41f0-4f64-a83e-84fbc2eca7b0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-12-28T07:57:47.000Z" ,
"modified" : "2018-12-28T07:57:47.000Z" ,
"labels" : [
"misp:name=\"pe-section\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_attributes" : [
{
"type" : "size-in-bytes" ,
"object_relation" : "size-in-bytes" ,
"value" : "1243136" ,
"category" : "Other" ,
"uuid" : "5ea6b5fe-3362-4bf3-b103-8f429d8e3480"
} ,
{
"type" : "float" ,
"object_relation" : "entropy" ,
"value" : "7.9712731055236" ,
"category" : "Other" ,
"uuid" : "ce82b1b7-7715-4f5e-a3b4-32116f01fd4e"
} ,
{
"type" : "md5" ,
"object_relation" : "md5" ,
"value" : "38a76cd6572c66a48f91f9dd5297d6d0" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "1d3447b3-1be1-4785-b142-9cb0d7eb4116"
} ,
{
"type" : "sha1" ,
"object_relation" : "sha1" ,
"value" : "1472ed40a3f3d548df68cfcc36047f0fa6520f99" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "7b77e373-212c-4b3d-9599-2a0dc184c71a"
} ,
{
"type" : "sha256" ,
"object_relation" : "sha256" ,
"value" : "b956242f4fcb8c4ce895aeb80ba9ac943c5dcaf385d9d80524d1e5f3702b2b26" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "863288a6-281b-45e1-b416-2e20ca8ab393"
} ,
{
"type" : "sha512" ,
"object_relation" : "sha512" ,
"value" : "4a8bf5392dfe3b37b6f578748553d935965dd531b461bddf7dae358bdfe149c525487da69a0e18bd88e4af2c7dcadf3c6909fbc4bbb0ec4e906c9a05536db143" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "e5ed984a-21a2-46c2-9cf2-3c0308ad1bcd"
} ,
{
"type" : "ssdeep" ,
"object_relation" : "ssdeep" ,
"value" : "24576:RkioKFvekj7fU2A+XTqHElLZW7RwDyEkZXxU2YFDIH+pPKyFXkvCL:RPdpes78CqH0LZtfoiFDIH+pPKo+CL" ,
"category" : "Payload delivery" ,
"to_ids" : true ,
"uuid" : "86e75b52-bed7-485a-9715-c1cd755b8675"
}
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "pe-section"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--86aa675a-0ac5-4874-8684-d2a9e935085f" ,
"created" : "2021-05-24T09:52:20.000Z" ,
"modified" : "2021-05-24T09:52:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c25d9a9-8268-48c3-a22a-4a5a950d210f" ,
"target_ref" : "x-misp-object--6e07ffc3-1402-4bf4-a5b3-c12be1a92752"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8c74bcf0-f732-4c8b-a969-57caaf6ed175" ,
"created" : "2021-05-24T09:52:20.000Z" ,
"modified" : "2021-05-24T09:52:20.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5c25d9ad-5d0c-4e7d-b44a-4364950d210f" ,
"target_ref" : "x-misp-object--56a5559a-9b13-4b0a-a4df-82aef6ecd4f1"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}