839 lines
991 KiB
JSON
839 lines
991 KiB
JSON
|
{
|
||
|
|
"type": "bundle",
|
||
|
|
"id": "bundle--5d71e617-63fc-4314-bbc3-29a606536f63",
|
||
|
|
"objects": [
|
||
|
|
{
|
||
|
|
"type": "identity",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-09-03T08:16:05.000Z",
|
||
|
|
"modified": "2024-09-03T08:16:05.000Z",
|
||
|
|
"name": "CIRCL",
|
||
|
|
"identity_class": "organization"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "report",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "report--5d71e617-63fc-4314-bbc3-29a606536f63",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-09-03T08:16:05.000Z",
|
||
|
|
"modified": "2024-09-03T08:16:05.000Z",
|
||
|
|
"name": "Malicious comment on GitHub pointing to malware",
|
||
|
|
"published": "2024-09-03T08:17:17Z",
|
||
|
|
"object_refs": [
|
||
|
|
"indicator--317e63e6-b95d-4dd1-b4fd-de2f64f33fd8",
|
||
|
|
"observed-data--df23d3be-1179-4824-ac03-471f0bc6d92d",
|
||
|
|
"user-account--df23d3be-1179-4824-ac03-471f0bc6d92d",
|
||
|
|
"indicator--b0aae79f-3a6a-4ba5-8b21-375bb3305efc",
|
||
|
|
"x-misp-object--8a154039-951c-4924-9980-7b8e7e8afe7a",
|
||
|
|
"indicator--3dc26a75-5d39-4222-afd4-a986fa130172",
|
||
|
|
"indicator--09db0c2d-4b96-47dd-a090-e2f11d65f2cb",
|
||
|
|
"indicator--eec6f067-731c-4d51-9df6-a24c6518facc",
|
||
|
|
"observed-data--f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
|
||
|
|
"user-account--f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
|
||
|
|
"observed-data--6f65c1b1-b47f-4053-8b74-80a181257743",
|
||
|
|
"user-account--6f65c1b1-b47f-4053-8b74-80a181257743",
|
||
|
|
"indicator--f0c02983-76c2-49d0-ab74-57b87b236e5e",
|
||
|
|
"indicator--7022c31a-7485-4207-9441-633d6eeffd69",
|
||
|
|
"indicator--93750a61-e8af-4ce7-8379-01c412c92e26",
|
||
|
|
"x-misp-object--b4aa4ee7-b51f-4b38-943a-a0a1fe739e8e",
|
||
|
|
"indicator--8d7ac196-23ad-48a3-a4e6-b651c410bb17",
|
||
|
|
"x-misp-object--95ee55e7-5e03-4357-ad25-abe4430fa994",
|
||
|
|
"x-misp-object--250020a0-9d77-42ce-952d-d54dc39d059d",
|
||
|
|
"x-misp-object--6047f4e3-ff29-4683-9ec8-09fa0b18ff8e",
|
||
|
|
"x-misp-object--055ebc84-93ed-411c-8ea8-9164f9d63eba",
|
||
|
|
"relationship--9908db26-491c-4ec0-a496-cc0db51ede9a",
|
||
|
|
"relationship--a518967e-78de-489e-b9b0-8a12d642044c",
|
||
|
|
"relationship--4a471ca2-4045-4968-8e66-87174b37d3b8",
|
||
|
|
"relationship--97672ed6-5da6-4ae7-8792-8b89a25b62d4",
|
||
|
|
"relationship--f6ca4614-99a5-452c-8e4d-416e84709c10",
|
||
|
|
"relationship--18fe53dc-89e4-4c0d-9d4c-22e6dcab3587",
|
||
|
|
"relationship--efd36caf-7d75-4f36-8aae-0bb23ed76916",
|
||
|
|
"relationship--792d0e06-603d-4bf9-a13b-93ccd69c4279",
|
||
|
|
"relationship--52e6b398-1114-4e67-b564-d2e8d4c11e20"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"Threat-Report",
|
||
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
|
"type:OSINT",
|
||
|
|
"osint:lifetime=\"perpetual\"",
|
||
|
|
"tlp:clear",
|
||
|
|
"misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with malicious attachments - T1367\""
|
||
|
|
],
|
||
|
|
"object_marking_refs": [
|
||
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--317e63e6-b95d-4dd1-b4fd-de2f64f33fd8",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T08:56:59.000Z",
|
||
|
|
"modified": "2024-08-27T08:56:59.000Z",
|
||
|
|
"description": "Original RAR file",
|
||
|
|
"pattern": "[file:hashes.SHA1 = '7edc546f741eff3e13590a62ce2856bb39d8f71d']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T08:56:59Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "Payload delivery"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:type=\"sha1\"",
|
||
|
|
"misp:category=\"Payload delivery\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--df23d3be-1179-4824-ac03-471f0bc6d92d",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T08:59:09.000Z",
|
||
|
|
"modified": "2024-08-27T08:59:09.000Z",
|
||
|
|
"first_observed": "2024-08-27T08:59:09Z",
|
||
|
|
"last_observed": "2024-08-27T08:59:09Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"user-account--df23d3be-1179-4824-ac03-471f0bc6d92d"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"github-user\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "user-account",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "user-account--df23d3be-1179-4824-ac03-471f0bc6d92d",
|
||
|
|
"account_login": "MirsonMboa",
|
||
|
|
"account_type": "github",
|
||
|
|
"x_misp_profile_image": {
|
||
|
|
"value": "114339026.jpeg",
|
||
|
|
"data": "/9j/2wCEAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDIBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIAcwBzAMBIgACEQEDEQH/xAGiAAABBQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgsQAAIBAwMCBAMFBQQEAAABfQECAwAEEQUSITFBBhNRYQcicRQygZGhCCNCscEVUtHwJDNicoIJChYXGBkaJSYnKCkqNDU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6g4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8fLz9PX29/j5+gEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoLEQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGhscEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEAAhEDEQA/AMzBqKQfun+lT45qNx8jfQ1wrc6jlLwf6HL9KwmAD8elbt9/x6S1huCJPwrshsc8txq1L61En1qYZI/CrZIq/cFOxSL90UvbNIpDG6Uxj0qQ9KjboKAHGmHnP0pxppH3/wDdpAxIx+7FOpqk7BxSmgBCaYT1+lOyR2pDznpQAg+6K91+Cv8AyKt5/wBfbf8AoK14UB8or3T4LDHha7P/AE9n/wBBWsMT8BpS+I9JPvUJ++frUzcLUD8Oa886CRetP6mol6VIORQA6qd5JgEA1cqjLGZG5ppAc9LZNeXOWyQKLrTlRMKO1dNDaKq5xzVO8RI1Jc1spMzkjz+eAxSH0poGK2LiJbi4zj5RVe8jjjUKvBrqi7mLRRxUsMfmOFxmoxyOK07ZFhj3H71U2TYsLB5EQdm28ZAFUZZC7Ek5pbm8MnyiqwyaSHfoWYMB8mrbXCKOOtZ654qUAY5osA55DI2TQKaKdQA4dacvWm04cUAO6GgGkPXNKKAAVk3xzdv+H8q1u9ZFxl7519WxTQmdh4fi22QYdSqjH0FO1JsMieu5j+dWNPUQwdMYJyPpVHUDIbiLJAQgfrXS/hsZJanA+I3D+IrjB+4gX8hS+F7cT63CGGQmZD+HT9apalMZtXvpeuZGAP44/pW/4MgP2yeUjhUCg+5Of6Vh9ouTtA6q4iaO1k+cYIwRUd4QIlHsKt3i5tiPcVn3bFvwrrUbHl812U+pA9TUtzpKS4mjzFKBwy9/rTE/1iCtOW5ht7cvI4VQOtMuLa2ObtrOe5upVkckBsP710FvapCoAXAHpWLp2oRLcyq7bRI+4MeldCrK4+Uj61Rc27jvlHQGlBXIySPrSY7d6XFSQJIAVODxWVd7lQ4OfatJiQpGPpVK+G23Zj6Uxow7JX8t3BxuYmpGDFsnFT2UYFqp9eaZIoDniiTNFuc3jjNNcDy2+lS01x8h+leQeochfD/RJawpPvD6Vv6gP9ElrBm++v8Au11w2MZbka+9SrUajJqUVbEAYbR1pTyOFNLk5o59akY0huy4+tIwJxnFOOTTT+tAwOM0h5Vh60HpRQAwIAME0mxT3px60hoEJtT3NSJbGVHaOMlUGSTViysHunBIxGOprauoY7ewlijXAVCKiU0nY0jTbV2csa91+C2D4VvD/wBPR/8AQVrws17p8Fxjwrc+903/AKCKzxP8MKfxHo7c8e1QP98+tWDnOKhk5O71rzzoBTxUi1CDUimmBL9aAqjtSGo5Zgi+9NCFeQjIHSsu5ge5bbz1qRr9AcZpkusxQp1UVpFEtkEtlDax/MOa5O/fdOxXpWxeak94Tt+561lXkiLHtH3zXRTTRlLUpxnHWpHlJTAJqEMAKevzYrZoyAU9OcU54tozTBxQMsA4FLuBGKhHNPWkMeDTs00dadSAcDTl5po608daBCmloPWjjFAAKy4AJNWjz0aYfzrUPCk+1Z+lgNqEZPbc36GqhuKR2dkxe2VyDypI/E1T1Bsagi/3f5VqwRiOzSP0AFYesOIhfXB6RwSN+Sk/0rpnG2plF3Z5iCZZJXPVmz+J5rv/AAnB5WmCQ/xsW/oP5V59atvtlYdGYfyr1HRIhHpNuo/uisI/EOu7QLlwCbdjWXdNha1bk4tnJ6AZrlpZZNQy5Yx23YDq3vXWjzkritdkT7YE8yQfkPrVhNNMiPdXkhkcAkKfur+FMs0TzlVFAVR0xWrfts06Zjx8h4pmifYy9MsVn00sUzuJPNAhuLAkwMWXPMbdD9PStDSI2jsIgScEZ/OrckQNDuVza6lO21GO4IjbKSjqp/p61fRg4ODzWRqNqvkPJ/EnIPcVdsJDJboW6lQelLcTXVFhgQBnpWbrLbLNyPStMnnNY+tNmAIMfMwFUEdxLYBbVBj+EVA0Ts7EDIzVtfliUbccVCmX3H/aPQVEtC4K7OXxTGHyt9Kkwaaw+U/SvMPUOS1Ef6HN9a5+YYKH2rotSUm0lxXPzj/Vn2rppmMtyFR/OpV4+tRR9ak5q2SScUlNRdyZJOadsHvUlIaW+lIW9xSlF9KTC+goAbvHrSbh60/gfwihTlsKoz9KAI92T0NWbWFXkDSo5Qf3R1rTsNN3r5lwMeiit6K7e3iCRxxKB/sCs5VOiNY03uzIjuwihYrWXA7BajvbtxbOJbaWNXBAZhxW4upXK9CB/wABqxqEn2rwlePOod1BKk9qyTVzVp2POiK91+DS48JzH/p6b+Qrwsivd/g2P+KRlOOty/8AIVWJ+AxpfEehZIcVE/cH1qVjg/Son6D3NeedA0U+PrTMU5KYiQnCmqUyPID2q6DkVHNMkSc4zVpCbMG6tmRSxJFZH9nySksxOO1bUkj3s+1R8oqS7h+z2/A+bFaxdiGjlr25FufJj6jrWeWLncTkmlnybhs9SabjFdUUYNi1MhwBioOp4qRFZiAozmqYiZpCwxSxwyPwqmr1ppkkh3EYFWri5t7JDHCA0vTJ7Vm5dirdWZbwmFfnIB9KaDTHd5ZCzdTTgKoVyVTTgKYtPFADh1p49aYKd2pAP7UCkB4paAEkbETn0U/yqlpH/H5z12EficD+tWbk4tpD/s03QEZ9QwOg2kn8c/0rSnuTPY7dcLGoGcD1rgvHN7Jb+G72SM4aZliJ9Ax5/Su8c7YPoD/KvNPiLKF8MKneS7X8gG/wroqboypnL6Sd2mwnr1r16xUR20KYwUQZ/KvIdBXdZWq/3mI/8exXskY/djI5Nc8fjYYh+4RX+TYTgdfLb+RrAaPy7K3UD+AZ/KukuE8yBwO6kfpXP3hCrGnoK6kcCelhNOXM7fSrerkrpU2R1AH61V00ZkerOtDNmiZyXdR+tU9zSO5csl2WsSgdFA/IVO2OOpNNhAWMdcDtUnAHbFMlmbqxC2MnqRipbFdtsg9hUGr82xXHVgP1q3bjbGoI4xSL+yOY461jat801umerVtkq3XNYl+wbU4V7AE0wjuTOQExntVSQbSNpHIzziprhgo69qjFk8o3HJxxwKxqOx0UYnN01uhp1IehrgO05i+fZbTnGeCK5qflI/pXS6iP9Hn/ABrmZf8AVpXRDYzkRR8ZqZcEgetQx8Z71Mv3hVskWMZH404jrTY/un6mnEVJSEIFNIFOPFLHG8r7UUk0BuMVC7BVXJNbVhpwiHmSqC3YHtVix05LdA0gy5/SrhUVjKd9DohTtqyPntQC1PwBnmjoayNRhLH8KuXLkeFbxT3Q1VPrU102fDl3/uGmtyXszhj1r3j4PceDX/6+n/pXg5r3j4QDHg1j63L1eJ
|
||
|
|
}
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--b0aae79f-3a6a-4ba5-8b21-375bb3305efc",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T08:58:20.000Z",
|
||
|
|
"modified": "2024-08-27T08:58:20.000Z",
|
||
|
|
"description": "to fix your trouble try download this fix, i see it in another issue,\nhttps://app.mediafire.com/3ag3jpquii3of\npassword: changeme\nwhen you installing, you need to place a check in install to path and select \"gcc.\"",
|
||
|
|
"pattern": "[url:value = 'https://app.mediafire.com/3ag3jpquii3of' AND url:x_misp_tld = 'com' AND url:x_misp_subdomain = 'app' AND url:x_misp_resource_path = '/3ag3jpquii3of' AND url:x_misp_host = 'app.mediafire.com' AND url:x_misp_domain_without_tld = 'mediafire' AND url:x_misp_domain = 'mediafire.com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T08:58:20Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "network"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"url\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--8a154039-951c-4924-9980-7b8e7e8afe7a",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T08:57:45.000Z",
|
||
|
|
"modified": "2024-08-27T08:57:45.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"virustotal-report\"",
|
||
|
|
"misp:meta-category=\"misc\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "link",
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"value": "https://www.virustotal.com/gui/file/973af24203f9944fb0c37899a0a9c951706e7f2181aac186774798c799f6832d",
|
||
|
|
"category": "External analysis",
|
||
|
|
"uuid": "f137ab85-4b2b-49f1-96e3-ca6d8e42b848"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"value": "0/63",
|
||
|
|
"category": "External analysis",
|
||
|
|
"uuid": "59aac99c-49b6-4e4b-82ea-a23cb3852e4a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "comment",
|
||
|
|
"value": "zero detection as the RAR is encrypted with a password",
|
||
|
|
"category": "External analysis",
|
||
|
|
"uuid": "52c1a1ff-191f-49de-93af-106af2b31ce1"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_comment": "7edc546f741eff3e13590a62ce2856bb39d8f71d: Enriched via the virustotal module",
|
||
|
|
"x_misp_meta_category": "misc",
|
||
|
|
"x_misp_name": "virustotal-report"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--3dc26a75-5d39-4222-afd4-a986fa130172",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T08:58:39.000Z",
|
||
|
|
"modified": "2024-08-27T08:58:39.000Z",
|
||
|
|
"description": "7edc546f741eff3e13590a62ce2856bb39d8f71d: Enriched via the virustotal module",
|
||
|
|
"pattern": "[file:hashes.MD5 = '6f998e5ccf82a79bf8bd9c24687f917f' AND file:hashes.SHA1 = '7edc546f741eff3e13590a62ce2856bb39d8f71d' AND file:hashes.SHA256 = '973af24203f9944fb0c37899a0a9c951706e7f2181aac186774798c799f6832d' AND file:hashes.SSDEEP = '3145728:upS5FUYLngdnQHkUzLIj6iykdTPqw5sObgp:upeFBDgdkIO8NLGOQ' AND file:x_misp_tlsh = 't1da3833f08ed45f37727851ba28913bc89a25b99f2c7dd7170e3d8892488e24d19f1a73']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T08:58:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--09db0c2d-4b96-47dd-a090-e2f11d65f2cb",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:08:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:04.000Z",
|
||
|
|
"pattern": "[file:hashes.MD5 = '01b8c89eb83646a038d9cb368e686bdb' AND file:hashes.SHA1 = '5f217b7ec06fb5b96bb9f5c9def89f368b98cc58' AND file:hashes.SHA256 = '40c823f1d6c00f1ea2482833d7c45773b6830cc812f5352aff102df63330aea7' AND file:hashes.SHA512 = '6e5d7272088391c423feafe947310c049125aea22a1857b9f732d3d323cd11ab1c838fa1e056629f0882a91ec05cd33ac6f3cf0ec4bdb0c039f5a8416c7975d4' AND file:hashes.SSDEEP = '3072:3uw4AsOzMKuNIlQ/mciPffLHa1d+Dylq5YQooYJoT1jUWXYCJzVaXlZX:3N4AqKQmUmci3fO1d+/dPYajw7' AND file:name = 'Win64.exe' AND file:size = '244224' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAAJJG1nsDEFewKABAAC6AwAgABwAMDFiOGM4OWViODM2NDZhMDM4ZDljYjM2OGU2ODZiZGJVVAkAA3SXzWZ0l81mdXgLAAEEIQAAAAQhAAAA8U6G4AJChzs3K5G+luBJ2lax+GKt43s4zkSBJIONLvUGu4fEmpDM8KjDCAVpXIcj3LYvjJeH+Dyd3F64hVvu8pC829PyVnhfXrKZVO10oTlpmzhOL3VLTGeko35SHIwvqvAnfXPVFS0Ejj6sGyeROGshxa9VYUld+40OcAas0TBv9AVXS2yC7Jh0byRY52WMc2qUd7JfD2OimVPGN+HKuhS2aoAKv1dwgFw8ABzYz9L2sXzRDewUOuZ2pQh+UkgMdDQxADdLqN18w0JjavkIjN+O2hlPHVD23BVp5VpgiN6qDmCSvTzadQYnOLmBBxH35O/E85s1jJNirElEgSKqBBt9XfabILzOTdmCb6Jq0UcGnC0nu7TNA+1SCiDk3rOV4p3/jLPiq4e/EJP2MZRJY8v/FSxXICPO+hLuWQOdbDxAxbYOLdRpJP4wT8MP3s/jufPWNtjSdICvwsGq+Xmz0hqSC0GdctOQ6iTCIpGW+ZmY3cIZqeeuHe8BPW6w/AXrx+UvQ3kJibbTEJ17vkKWzCjXMYlVf3vV1YrPaCBC+fR2elPBDCV5t+3VMfmAbUBy196roNtfukdq/Qhjtb1N4Mq+29lHNrD0WDtPhY1dH1x8kAUnKJ5fJ2nGiL1CcEgq9UTewZsqM74oiWiVQ/v9ARBA/1YFATHRzzrbzd95tiRj7Wb0dB7IYAElL3CfnvQnKn0rFWkoo9bkYo3IwJaj9ZN5hYKwILpoB/6LM7wcQFY14jHUCEM+YyuCJs/MXDjov2FB3NfR753h1wpkmeyDKTWcY2aHRp33gzs9d1djikPrKC1mnrSWyzAJSs+qyGASpVqRSnkL19hdVp1S3yWvk1/syoFa8whAp62LEZmV+PhaPIFOxsLNTr6mdV7m0sHSfCgpDrU6I0PGWAMSoQWjYYBum+FExbSPT9ENcQWmV9/K9sS7LWh6AYYnl2gMOkp4zfXSGD4LiMDxcLf1zzonmBRiBOG13PIfq7cbxG3001zhH70QnJfz189I+WWecdAZ40uyDalNoDZHH0rPVxuwI/AsWWhCs7tEOolBAs106EON0/lrX8ANmU+Vp1J9kx73XKrbnFGXzmpHYdtoUBkgreneqR2X3MeNjrv5zu5OVbTN7vYMU9+/sFmpp4NWKigIHlJp9bw7D7H4hZAIbMwEt+vGJFvffb5n24nzl+nkAsaHk3LzArBxZtxHb0qmt9pj+6f5/FdHcbTVTbL8oMxj5HnerUWQsJIcf11rDgbGcVht4a92BI4aw44Tt98G6D7XnG87Yv4jGrwgdLJKPtHWmJ2J1/1A/RaqJPCTJm8jVrgNALLIk9L3J7d7pzTWy9MNLG0JrWSMSown0rmOsfXleDchUG42wZDORCW2UsQiI2QgXNa+3Gi5tYo0h6AhzleS28V99/TlaBfXJQcECYscyQh51O8Av2yoKIKaQ1L3C2U7UKPhfJdgUY/qx8gi7qa592eDymVptdVj7rF2aFnr2CD6R7uPWqVCvX0LSgXyqQtPzfi+gJaLab5tigdRFpUApjMZFk/umDmzp4NT+PrxWmwRd36GS52sVLCL8p3xABHiJ4wAv/Zqv+50hY1y9HpxE143DjdoVFm9xh7Io3INZ/41nyD6mnsx4XsRByNdtj55o0QYbGaQuHgW1yVVM01dKvwNZ97G2EyP5hplTCMMzfRQvMh3aakTK7POFbe3FNRoxXlr11WR96HZM+/khlD/ZXKAtW2LWhT3IWZcps9YdDH0X6EUibc2rls6cY7y89QC2WMFJUy7v5aqNsF3hDSokBXVqYJAU81hxdpi7CooU6LNXZvAAVxGnpLANrCwaU08Twlx6s/zLuIDVbslAdSUAXibziJzCF6QmsvKzuNnD+exSeu2u9+9KrQ9Tjui+TcSh98o9PpG+YS5KEs1PhC8uy0s8hWkh39Mb3ioyagsmTZkMvPzynVxaqGxGSNnMJscmIzYF/hjT3ri+HoTw54obOMSZM6j7K5b0MgqDXrmm0FOV1pMEqsOXJFHDTL2Rh3QwCqaplLUynhx9Ygp6Nt8GpgjcngPlPrkUUaZBr77mFN4Frnmp0XL4yO6VVOhWAGr+Ef4AxibYMF4ZPfv6VRMtu1ZaMMWrs4T+sKC4rMk6c5J8DS+xvlmaEfrvGOsKMJ1W54BvZ4QTnzlYlvPRMYtyn5h570APcJ1Um7CZrQ2sGGfesvoqFpScxceBRJpbbBoZwJnu3+bbe3za0emcOI+iH0M19eoz5UI1i4F9bsM0xFErSI40Q43sCUSeRZMG4YB4xN3jTg8kzO4pEYcpQcHgUDZWzwceKTLjogVqkgzLm88Y5Vlf8lVML9lrLmX29I8K+D0Xf4Dy+b7KKaW6WIEy9aIUhVHw22LkVC/vZGsqDV70ZkC0xJ3oze3i+gwNOfcnNs0tM+2bLEZWKyuT1bOHLRLo+q1eCbDGpL//oUOLym8A0WuH7JK+KConFKsvKAiHwJduoqfQyF6C/rP6qtDM4mhU5G9oqK+eHoAznXxGfzWQYT5wNc+hni3xIm9lby29jA2ZJz0mXhQhZ4/4e1ELzdwl8vG4jkPTS//PhwHEQjUIOLfmx/+9HgSjRJSkUJU4b6f5JQo/tH8QBQleRiFWYnwEh9LH9fd7TumfO7FHLHGNTwFCiaytdnMg4hLcPCb4BmThCYGP4C8jCFi5tAgAmvIvf+Bs4eJyGlqiMjzPrNTWf7LuXw/GeZQTxGprXj2taNbzaPh9AQyL3JUwAFvRKIyCYjQLWTqh/0z+7TTyKDr/uX7Ac+bByx7e7MqcpZzB3xWjSFTdNhYW9q4Bb4P17v3bPs4F7zKCOmrohDp4Ch5bUvcgOE/betQCB32M2NNVhXgKuhOX5sr29/e7feLysl0TaVDJfSahRLkfxIwr5lzv1z8uda71cZh/sm4yn7qIAM4eP2qGwpK0TzygpVuD8HVuCSYOF8HvW//Ga8b4PMX6hUdZE94KBVIK0ARBH1d33PWN/TnqZBJttODlj5nJdFHVt2dWru6J6H9uEn713f3tx4iyucMUxBAmX6ttM39npf4QdZWDK9u+fxVezFW/Qf5fRhsY7i8mRcl7gld+KiZdV78Qkermw0HWQJaOK02riLBJW6s42jDwYG0kAHlnAN8ImeXP853md2BgT5MWm5u7wBtetUF/1gCaIqGjKTktQ1ZYGKiQCeI73ApuIhES6KgIEDa95wPm25xUYUWKulg5ku7Cc2qj9u8yP3UO+cCMnFs7OsukJb0n1iruzwzABbHEVW3aXikWWP90ETtlJi8o6yvFRyj6eriu+JebjH1repWbDI7ttuO+5xwgg1ijgbzF6T3D581eiDfECOYOwZaR0+oqIiO7u61KinGkQnawLhIf
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T09:08:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--eec6f067-731c-4d51-9df6-a24c6518facc",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:47:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:47:04.000Z",
|
||
|
|
"description": "Download\r\nhttps://www.mediafire.com/file/o50xaz6wgtazqnx/fix.zip/file\r\npassword: changeme\r\nIn the installer menu, select \"gcc.\"",
|
||
|
|
"pattern": "[url:value = 'https://www.mediafire.com/file/o50xaz6wgtazqnx/fix.zip/file' AND url:x_misp_domain = 'mediafire.com' AND url:x_misp_domain_without_tld = 'mediafire' AND url:x_misp_resource_path = 'file/o50xaz6wgtazqnx/fix.zip/file' AND url:x_misp_scheme = 'https' AND url:x_misp_tld = 'com']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T09:47:04Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "network"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"url\"",
|
||
|
|
"misp:meta-category=\"network\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:46:06.000Z",
|
||
|
|
"modified": "2024-08-27T09:46:06.000Z",
|
||
|
|
"first_observed": "2024-08-27T09:46:06Z",
|
||
|
|
"last_observed": "2024-08-27T09:46:06Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"user-account--f5fa41ed-e37e-4739-be1d-f5fd79cb2289"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"github-user\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "user-account",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "user-account--f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
|
||
|
|
"account_login": "Wanderx13",
|
||
|
|
"account_type": "github"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "observed-data",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "observed-data--6f65c1b1-b47f-4053-8b74-80a181257743",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:46:33.000Z",
|
||
|
|
"modified": "2024-08-27T09:46:33.000Z",
|
||
|
|
"first_observed": "2024-08-27T09:46:33Z",
|
||
|
|
"last_observed": "2024-08-27T09:46:33Z",
|
||
|
|
"number_observed": 1,
|
||
|
|
"object_refs": [
|
||
|
|
"user-account--6f65c1b1-b47f-4053-8b74-80a181257743"
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"github-user\"",
|
||
|
|
"misp:meta-category=\"misc\"",
|
||
|
|
"misp:to_ids=\"False\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "user-account",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "user-account--6f65c1b1-b47f-4053-8b74-80a181257743",
|
||
|
|
"account_login": "llowvxe",
|
||
|
|
"account_type": "github"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--f0c02983-76c2-49d0-ab74-57b87b236e5e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T10:04:38.000Z",
|
||
|
|
"modified": "2024-08-27T10:04:38.000Z",
|
||
|
|
"pattern": "[file:hashes.MD5 = '70fe41f4e0ba092e841fad1aafa46400' AND file:hashes.SHA1 = 'e21b9b9b981d788bfa8852154cc51c48b823b071' AND file:hashes.SHA256 = 'b1f401a32d82597d042df138825c90dd0b673d71017e16cee0f458a78a85cac7' AND file:name = 'fix.zip' AND file:size = '295208' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAKJNG1mubwWcQYEEACiBBAAgABwANzBmZTQxZjRlMGJhMDkyZTg0MWZhZDFhYWZhNDY0MDBVVAkAAx+gzWYfoM1mdXgLAAEEIQAAAAQhAAAAIKjkQ8P/674pc27zUjIaM4sjyZRwrmamIRSgyF7yCLs8LTvwfSwmvOPC55mkQ0iCJiqMTCp3MPLLxfDyYLWozJats8H3EKHMvuo1/84bq/HTtf+19uyFiP5VLiOYgcBG4jWg+ioRQz7MF1Ymsua4dKgR4V6815UF2X3OVRLArf/MC7SfpIs3wTonBtzuKFQK8gLCSzCyNB7v5dwNY9nRISP7HIaaSdc4o4GqdBW0qcU5YHO5uX12WDI44J3oivod4mUU0FRqjLSPU49p1zIFGTOyKH0O5MuOfDqVQ/RCIoK1AjW6CDjijWjICXRJP+4iluGERLZ7mJsou7UeDX4jobAM2MxDoDb4+8ngVdNTXu0ZG4rh3mZD97VcD9cUwCuuAaUptazPHn9KoFe68Qw04EtxWzkZ/uZ6kEJuDtaqtng2jSokQcOKENY65aKNeJXrg43tKfyvo+HLVVwqedZc0W1cHu0M8g6qsVklWxLB1qhYjEwX/qHAkyI7mAQelnsFWLbZuzYeXBjE2HCR5F2wrufA1yUo3zuGTfkEj693l+sdkmeaLVAjUOfj9ES/C1KVHCjezXDXWZqYKTW9pdc2yE9+HdNQ3rDawdCVhlLF3279bsXtOJychzdj1wtC2PqjDXZJjeyip5QpGCqCRjyEOTA7lfF5J/mTRtnzpw50eK/kS0YO9f1dyI8A7Mb5kDTPHK4ji63tXBnepVHQ/L6+KQ95twwBW0ORQWIp5YxjXIOQbWraNm0xwetPZJs2krI9h597zp3mikigcpXjfH68ejdbAaxL/IZev0jKZg/NyZ3EtQU9tKUaiX/P0PwQqmZhomkaPzM3AmCC8Rt69aIdSZA84vkq1UmORTHo4EZWLjY+1ZORAx9cp14jh8XAPtaiuPc8pkN9HZsbXXsjq1Q66Nn7iMs44nuGVLocwPID6+HSdgXXbQJEBPjNHo89iIS/S/L0nFLJEh9VBlIDoS6ARQF/NKAYRyyHJH1/ZKsdTjdSVkjWxmxeYl/fKudojOEv+18g5INMPn/OkzmvV70EMhMQRKd9tqGV+E6ik1kdjls+RCeD2HWB1563G/VVJpnmos7QpfKH7Ox+OxrgpsZg0WMICZEAHy1Zu8QIfiWS/AUR/wZ+iphgA5XzHO84yPYgxAT8Tj5iIZj4fzROYhjVtOhwtpSCv2bKjp3hfbYCesSjDUJs23W8ylHdUBu4NLhZJgyLqkBpkZvrMUfjJ6mNKR1cb1JT1lqZm3DJwCy6me7yXGBiKSE+5juaSxZsuXEk8Wc0h+HvkMctOQjbu1yPjTRMplW4jNDXjCR0GKFKINLwFV88Ie9yPC7u/n6GuLI4LTcDWlct8ox3XtpNMdLW5r3zWtCbxa7AmWf2D2G0wAqFrDjCDa3fOp7CWuYKJAUbbh2i7OItBePc12U5cGgyhhvOrrVukx15Qqe/eXUUUDe4vVgNVY6gd/IvU29sAZDr8HYWdlzfzmrQV5rEb5sI3IlIvF6wVyi4Asfinf3s4jH6/jp4Z0zO/WktRSC9NAObrZu+ApK/qJWPBjjLSOY0iBWKr563lcwl7FoNE42EScx9rrQRJS0cEtlVugzp/I3aCaMnbUv2HXFu0P7Xnarmo6VCBiKiqBLNeafLlDRKdtBF0KAsG6BF9zwetXD1iUEmrfMBmEEHusF/lzT4YdaEVDpHImuwSIf5vf0UH3h93vMT8wE6x1Rb3SN15HgCqNMuuQa/xYxdzSmScBUK3QcEJnFRTd809KaKrUC5M/lE5dEEgh+Nh0AxOUD6tIZa9Xgwm8l4rWMWlko2xr/hGINXYXjyVkBvc6fplj/Nyu673OMQRlWqp2d7HTWCiNaZ5M+/G3hrCgQd/OVn3OMBFVTRbOnSxW6+/OjEJLnnf6eqp2Twx67op88tlo++6AypKiXWKsYVZZxaboXYLukBCnb1zONxwVoWWK85zKUsX76VAAwkcyZXXBpxkEQXwAskGZBz7mEiUcxDyoD6XfHp/rbaXRUr2pBucwG3tFpjlDHr/S8NG2PmmodjSCvPXdP4ThukJE1Gkb2p4odHElMSOsvn3Fdgt/Rqqaxo9DQkHcf9FJnPyKLSvisQUNKeBjMDDW2o2kTSuh8rKUUhy7kaA6tMcyYbL6Ibngu5ljwrG0PBGzObI3RCJ6sZ9yHIGi/CNbS76T7RGXYZ45k+TJguuU5toFlBrP9kVHcEL2zo8Qs8MRqZ7OAe6jNwsrKVqBmBE8yxx9WPqnLyzo6XoulfdUvXay27bBPlwZtuTGJEScP9NuZrxYe6EA6TxWrfO8Ij021xlYUeBdNl0gLysSopR27DdZEOq7dxnBX4nSKG/IUDaBqeJwTllSFhtU2rJqJ4r2uiG+FLml4vo/FdPPr9VvOTB9HSMtKauTUqspKd7S1jCrtTYQG2MvUAQ2gDlxVXiuGHxazK4sCDxlWrwHXON59Kn9oeBKkrAnTWpV944ptLdCVJqOxbUT8mZcSEG1GfMKXa12BSjo+II8yJm7ISR+hRuQjqM9d+7TTS934lJ45KUCdpCFTNw2dOrBhTogr+JhW4ZuvE/WzEvL70CyFOyhi7XakCs8OcX5SpTVvpF8YIyoEu9AB9ZO04Nd8ovIh2CeAdrwwGsIOBcEpYqngvvCfIYgUJu6BNKt90ACrV6//G6soYYBUPtD1ERtz/8q2aJGY/w9W1GvP3F5kjjpCIORbKWMl85PPNC07LMrKm7SSeiJCXpBvZBUFfWSmhnk67pbhFt5AwjtSAkMH6QMEBvm3MKfoqk/56q2QVBwlkq8zQ6I92IwZyjdr23lzKxKjqdFNU609ASmtZgMugKlonhhJrhx8sMX63ehpunZATnVPUbG41yKFGFy20Rn0KBpwYnIHJ7Xxl67/ro1l/K1aX59TVn6OIzUb4VoT4KyXDv0r2gt5FqQ2pUwOLZ6hadp2iOYo4AOAxeNgHWW9tN1YILvR949jopP9E9lwOKtwDbe+xvSdjZfjPL4h5amIDXP8kM1IpFhaan+x8a+njuvvP+kK9f8ziRr9V8BnykAgRZbJJua5LwscfffjGivpztz0wKnSRKCyTKP6TobMOy+7FZ1AW1APbyPvhFbfhklk8XzbtScsyLtK+ocE56WrfK640NX+SgbjqBK5oxuVGPJs8jfR+rPcsy/IIWiFkXkFVyUPBLsua+TF1Po6NG0bAs94RE1pnfe5sq9PHOjolbr4JvOSQhcfeTzuC4JBYlovSlln1RK1jMAz/Vyp03pSY4AErVwGD+IzQz6fbQEzndwMVsWlzBwH/btvRIObhyEyPzyEpkk/S40G3idHUCk28gsBivPCh5cMPAzuxs5rMAWYCB7hFQ1GEkUDe3sA6TFBfq4XsimmBKacoK4Ekrok/o0B7pzq2Eirh1WTEdBGrTZMXykDeAGhX9p67h/5jhFcocapgr5ngxmHAiZ92gatL2V1uZ/wG3zzA1fxZNLu9unIkxDdKpavTPTHWpLw903MkxywoP6kC/J+0S2Lqyn984QDuDby8WIVRlCn4IpOIoqtSrLCmsV+HZCUZDZP/2UmWptAMMhLvlKxrROh/eSOljZ/ERwarraa+bH7DIpZZ/nnc9GOrFTPmsiRGN/ANxJiJZywV8uMu7mkidx16qoQgrG8z4l/Voia
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T10:04:38Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--7022c31a-7485-4207-9441-633d6eeffd69",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T10:03:39.000Z",
|
||
|
|
"modified": "2024-08-27T10:03:39.000Z",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'ed79026082a5acdf3c0d803411007933' AND file:hashes.SHA1 = 'd7eb77293f139f688c502c4c187b7f2aa6791640' AND file:hashes.SHA256 = '3e6587a54953714ca433ba384139f03c30827c5f90a054fb10d5cd2f79f25f4b' AND file:name = 'libssp-0.dll' AND file:size = '13824' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAHRQG1nVk9XuHBcAAAA2AAAgABwAZWQ3OTAyNjA4MmE1YWNkZjNjMGQ4MDM0MTEwMDc5MzNVVAkAA3ukzWZ7pM1mdXgLAAEEIQAAAAQhAAAAB80VIp5Qh73so5/wMlsIf0p7KK68l9A0bjjP2Y/KtJdS7HrAY5b1wq4K7g3pe1jb6avUOmOsfRyqk3JcfjY3ihxEz6lTAiOf1GuURB/YRLuYGSbnMDfgCxLPBsR3c7iRaPQWWhs5bm/u3EDP9JjB6hZIcWE3E/VF13WcbdFwmOSzN5mIMUyZ/OnXiQ7K5ZpbQE9z/AY0EfGf/cuaZ5sZu49cHXAPAxyhuKvnYnnP5QZhptYAaq7OBBNTHcGvUpU/VVJ889KgKOOZUl62QsAgqWw7K605cV43f40rwGLJgksVc+c/SmeRk05nzgd7C15GiA+uu4Q+oWUn0tbG0T2qgXUim4OCx5rIveqHreFhK18BFGgZg6ItkoTyj3k+pwmmh3AXzwu+tWNyd/+W7Ln/nZpTjacDx20taus5p2/iTe1Um0XkZSwMb1EbtF13SXXH76lmhICVSjZUTOhV4Cu/NSzKoOWPo4h+rxblQv9lnfOqrGGce/UhyxGHZmDInaf1ZugzSN8Cnbqag7jDeRLGFASfzYTb7Wrb5STAxJSEHw3mEgLHRUVbJfRPevZPiKmBaQ8CRPxlky0W3cEN4hycSF8dNImXcq+s1H6b9ec4HkpOrAO7bLVm2oqhFismCUvuCqoSNlcvlSz6x9RxndpwTka8x2T5QSCo/L38RZELqD8A5zjREscj1VX5SrT6DbrAIm2F7DgvdeUTIFicAvcaWpjdPuUPxevcyaX9fCyntYM8VbY7/MtmM4SoW7iC44mJsSPfqwNO5IXFoMCHR9NmygOhBp0/TfYjgLa+cG/+mhqN/e4tQN0ZprogxNBnTJsOfqPC7dsjIlwwxxRlz3ipbywukL47vuDJQSijmlXmcRF63tWeAoIrKdd1H5aT95Ypggp7uOmpJwPIoUQaS5dvT7yYqU1TL9OgndTWHefezlEHQ6zb/wRbBd8ZgLr2RtREh9VBXCYTIPiHVhRWIIB//B0+R+v5yZOPT7KGdj68rvQujBg4jcY6xAg54b1wkM5QULjAFNOtAP4yXfCiI9KiKVxwbqA5pqpFGVn8K1YrzVAX56AjuclP6FdjNdkkKNnqz8ybtLBQO+5xADdlRt3FqPFjNAFlKiqy7/Bn7LVLbQFFP0CpPGsnYw9AJIuBBkYUyAD7bt1OXQOMn4eTVvUl+ff1Lxy8qAVMSN2ilWQSkExOcRH3122IYMgkYcslGJkOL9PCDQuKUpTRAvQDCc7kj87UKI6keOec6l3trXWVE92TmaVyhBiflXziZaAql4BwrQwtyLJC0TM2YkazyoBnKOdmzQhY1wo62xXDvQIcMUH+1DSlkYn9HeQdowCeXHniSoG0c9wKqd+y/k2PjiU3QjKzwgEB2HFpfedJf+vjrcXSyGO9Tab0AY/Pzd3mMzcgzRx4cG8Sf6piDfdnWwBDZseeBEupFWEj+CSMADyGVRFx/HdNtsCNLYJUwz8VBb5HM5iyIQwm2HWxPK3OFV1rLdZPcuIlIv3i+/tSDn58yodDvWPj/nrtPObWn2H+6yBALvWLE9zUPSB9xdOe8ZzcaUTnRKclTnqMuYu/+V164uIQbRCvEIu7tW6erhMTEakDfJ0B2U9oX8yCCaf5YQWHs2yfcE7fnUdejBEJgXPmq7e8ue1LH1OLcsIm9kAFnOATC5VWDPXK+ei7efR5TjWr7g5U2qW+rVpq+ewWzSO9z7LIBu9UJVVAOJUjpQzieHMm2fnVj6ZO5/e4IP7cCyRFvH700a84PeIivjnmVb5ushRrH63hx98K9gMZbXxLTZD0ve+cBeWuX8ibSCLRimriT3WfQc2CXSF/daTJ1psi3Z0tqFsubxr6SO9lP9SJteK2KqTqbwm/pmvSHAtOjCH2w0YYo8AK/9RavHDwx43hCQ/a+ut/RDsPRYjY0eMKYpxCjhckQMA4tizz4OQ1a4Viw7SumYzshzZ5k0XDK2Rd6ZAo0Ec9btF2Ji+KcXV27h6wUQv3wDFGFvZ2VqZvRGQ9oQj8cQRYN6ywU/ASZp4cp39WIoPxkYSOibYd/I+SkXtCwXeosJ5UDKC4XiYZslW6L0FcfEK3k4OdOS9b/+L0lkieFBxADap/nVXVcQe14LjBKcXabRq2psRM0owIjaE55fYPptcTQ6cxatI2ZiaGgnIF/IV+1ZhFSZDRmVxVsvdbJvfWhXJp3wKAIN3iyCEwMXO8zCykwz0shYMsEybiFb5+FqRXW6nnQ6vfB87omtmL2/crviGIdAiTPDkxBfmO+TQwe/rZ62699q3uBW30rL7pjzLVbKe7uIrrLZt4ehpRMLmJQ17PAloE17vSyVUVU61HlepbWJ/b8uK6suOWFa4qLfZE7S8vyX7GaNRy7BVhWYr5RQ6DeHiGhz+xQbuWpgOfrFGEGmjgcxOfp0T9QMo6xqYqXSVKADbLRt3RaT+OoTZCaIMTTxiObB0+l2251GZOk5dDl08+YBhpwNwQPgHi+xlC6GSCdNtJRJxqi7gzEI9tsHsE7ZX9ZkgIgYhKD63esc5rd87p6adDLA6mH3+buBtuCs0epH0yiNuDKCIPhbbFEqCPB6hqEYYXi57UoXekf5JqMUQse7VmqcuSJYAEQdaaQgD/wH/lI8T1nu/lwXc1b7onYrdSWhOHgQnMG8tpMEzHiWSjpvnsAJIyGew41T4At5jkGmrZkV/aLcDD7ia2asuHEPtASU0FcqOHcbpD0LRKp9nvdW7N9utv22bfRlD928SJbst1/9kO09qiKlUkBDdjJvvKIBYe7oNGU1N4Gqe9nraUM8ze4fG2iu/LS1hsc/yzdVFSwHwipOa6tixaYsaC+xD9mqjLp8EYsay4zqm1FZsdvFGm3BYWVY49jxXhijNDT8m6s4WctCk4QCRsAuyAGzuqoFli3LFlaQtOEO8677ZYvav2KZesi7KZKz1f9xGbdTRS18yJ2N6LSin6pRZj98LPaeUKHKe6vLRIxTE+1D8qUmHNteiM7s4cgiEeNZ/KOo5JetU7Uh6zThAAOrkES8xzKfdFFmGFi8foAL4d1oprdGpInfBUR2hs5k7jNitihC4smDTHIxKCg6Rphb/mqq0u93zGLawp1xSFBNxj/hKpdMWsVNFoLcCDQx/pm0ZRJ5AH57MmwvVeGWQjpo0tCihkYGCqBCY42wEWJ5ZUMQhoefTBh856I/q33dzvoegMFnN4P2By+a6IQNoaWp+Z+u9U97wNlKuuOZ3Q9s46qpN6jZ2lS+yfvGrBc0q/qxuDOhQusI3XdH5qyOLiAoLSwAdqtXy0qgWJQmcan3HuSqHvYdJFNF6Zy5k0aFZGy0DoT9WccFCKA4QEuEA2yTM+8lnr8psXoh/Ois9YM0afrHddnHk5HO9sUw4CL81A6gUXXwrJpm92GbCi3Mf65dCOES/EIL6I3NFyEy2iQ5M3Q4n/yhBpWKXLWEwah7Y42HrolRbFMH5o6jrYh0LA4R7fXoK9xWRzx179cSn3Djhu0MaIcYyDOm+PqyjNhShNKMg7w6pTqEoXeSt5Mv2dPXAsguTKsKgzvCCnC07CgqHwap/shiKh5WaAzhk11Dq/1h6DeOt8MCXi92yc6YTA47Bprzq1v0FJE3OIPLI4WI5BOiS8IzyjfgD3f3DbrKAdt8dUUGEF1V4IOp4
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T10:03:39Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--93750a61-e8af-4ce7-8379-01c412c92e26",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T10:03:49.000Z",
|
||
|
|
"modified": "2024-08-27T10:03:49.000Z",
|
||
|
|
"pattern": "[file:hashes.MD5 = 'b58fe0a5a58266e2d16703e7725a6f77' AND file:hashes.SHA1 = 'bbdfd57437aa760246c6cbfa7a97405344347633' AND file:hashes.SHA256 = 'b127de888f09ce23937c12b7fccfa47a8f48312b0e43eb59b6243f665c6d366a' AND file:name = 'x86_64-w64-ranlib.exe' AND file:size = '292352' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAHlQG1la52+ieWgEAAB2BAAgABwAYjU4ZmUwYTVhNTgyNjZlMmQxNjcwM2U3NzI1YTZmNzdVVAkAA4WkzWaFpM1mdXgLAAEEIQAAAAQhAAAA8vBcy7S3lrXxYYQ/uxY0F0DOdYsOxcMqEVH189EiCK2V5qoa303T7/rdB82G01KLnoninfqLbSiMZDmMp/nGegVwSCkbgFPCavrNj/QEqmPD/4DIL3HQc20xQluudH8OpXZ5ScLAUYmATCRP7zPiakqbo+uPikxK64jTg56adUV+EeYcAbfUn6gsQMIJ8hYM6VdH4jbNXZCxjo26cZJn3ZIdUQdveGxMPYTAv+zVygVCVzY7sOYf8n1ipK5ag+s2W0p1AFZOkp2Z2zvPCJV55aGzGzrMOuyEmQn/glnVyKQDDVR+sYOS7TEkwdLHhQLjLNIxQIohfB2uXVj5QcL6Uj/WFUs+x2tumQnKHXVbO36G28e3fQW3U1yfr3M0EUvY1oURiXmQNBwtaKK+SVjSSmIuEHKRwcqi12gnX6DQKxEWqqGUXAzA8alXp9jKPO2rSOsxLpqlzlNLikLvs6qDnQSyTDpYdVOtNYz6Oly/E31oceJWh946M6XJ+UOa2T43i++59SSOdGgrO0YuG78GH3LecCNv1O5aDwGecdFb+u2nDiIZJtTf1chDINnIcTl1JT8hUFVyb4UBXIz6OlA+KMxJWe0rbbga7Ex4yF8HdU7BOsyABiHPBE2nbW8IyKFz2zoWXK6AFJdJ/ud82X0MjA5UaRqNKlMJvulbXOUm3piaEqtIt0/Tksh86iI+pt6eL0DtL0n5ruzH5BFBN2AvVxi3qSviKAjqO8ENa5/WEg2jO5uHmjQ9tHwNaaoY1f7g0XyuFZf8eKrC6d7rDX4H0qu2tlgsyTb6QGYSRAQuO2MmalJID5y+ryEMdERIPdJlCZZaTQsSh2qWlm4QZIDSho4GjENGusqGY9wB9VBmt9yG8XP7RwNMd7CQpftDn86lRiS1lwZ+Xv8WGzAKloOUt0vggXZCUVIOVtb8PLIebQhNCQKtN/cLMLtCthVoCrzwOhXarzAmOCRu+2yAm8kYkXcMoe/11/yIZyRMoS3VBGARsT+085yc36TbCzoBtxhLx7RbWYXb23x4d1djqqIM5mMP+SQKk0OEkQ7CznFCpSMNMQQjDyKJ5D0G+J4ARv5+/uc8H7PMLcnJgxYigaEfAA1ejs9dx5f8RvFvQW+p9xquforLMSC6hrSnHRA93hCMa0zvUQCUf90jjr0aSNuZMuqJkQ3INAC/MMGjl96mK1PY3SJUtvCy6k2IbHjlR2KYLrSjcJHLqDYXX2lg1zSKEE2+dKHrsHuS+TCrSycvFEdjzWxD03cPNUuWIN8u10i7ivBEoJNIhWz4R+x9obqZ7DaE2CVIaWVQ/ZVuKJLJmyINuhw2wDDEk6rZ05uvX4wFUN9joZo0UEzFaQRvv8kp43+0FVq9ORC8WhD4nZobwa15XYEOa6oo7DanezmI6h5TQKfUcYxHdCFc6bEfcpy01NKtCr4FA1TnI9ybvbbgNzl0OqSNsupLw1jdePnOFVpsOgYAofQV7tFqrVXw5B+0H9JzT+GtObIs4x0nyV0iB86FTDDa6ugshu1P81KQVEWc3QNN1qtlp9jgkrXCDRlQLi3w42ta1GajIWNFdTaNh5CfG+ji1x5jnKC5fboUJymj5VYyWR0fm1tzPBBg3wfrvXWgxqo15ewdi4HO3IGKGpKPzjpHgkI45sn+JL6fLeC0CiQarh6NwcxUEzu3FloGRuTa+aOIChfmN0Zhu2hJtv+pvLH9+vkucRhvLEFlMP+/1QHdnZSHtBCp5ZM6A3CSyMDbCk6uPaCgNj97R7ZJRXfiEYnrvPzpqTEM0kVDmvxR2LqxUT6vFRjpqJ/pqvnvCkan178T0BDH1VWqJpd7HY1Svcs8f5gbuNemXaYVYRmGvGJ0K8Op3+r0y3OP6POQIrNcitMgAKNAP7NpMMdF6keUB1rP9ROYVgzAGnnXgEhyy5f5s9+BeCLX6T1T/HJFT0bem+f81u2baR34AjXArf5n9uE35fNZZinQVNvLkSKcEOt1ksYHV2Zdrf21HuXL5cpbPGANDf8aKWgEQkDw4am/k8w1FsrtgKVOGp0z8k5Q/B5xesDnygGK0/56J4VnEEqQrkN7qy2Kojh57pPi6zVl6mQqRd0grfntmelM9cdewxrsVoWMkM6m0+kygOOjSsgz909n8s6Ybvj9CI7B3kgsPB5BLKkEfUMsrsxfN63V/Uoyll0Ax1EPItC3/25YNC+3qHIZ7muOjlIwWHHURPDWYuPlhl8qEIu+EL1b4ge5IsI7/0a4/PiO59z1k6XJwK+zEJ1sJr3Xc/8D/R5fNKXqlSm7G7w1bBJRWVygKo2MweiM3ckVRhhJkjHNlFKWwfXJ4hJR5NeTaRMoIhTU5UmhzTh5tEiaInq4VB+9tL1Kl8aOOANVRjOk6Py2aKJjgbaG+Tr4vxGYAVuO0SmKkuu0fcRzDQ40wljMh0kSfpicdrtTPcH3hmUyo8t2qVKhj3BLJtenywEIGVn8RwdPmfhnhfmwYLcBIuOiw6so51jHnpJpb+2JmwfL/yzOapr3Mn2sxpy3tvyBheEpuxSiPUY5EnLosPRn5EQJHU3coA2fACQKjleSaxupMxIVkCTXk+NTfOMP3LVclRkbXRdXnyDJ8Do9JlPI+VDoAW4lruKRnon9485W+AK8eyzgd+t2f81wV9kG+ZWYE9RfdY2paMNCrsltGYjMtIPuK70oXfL/+qTDuje+qWQgXUaCt6geSxxVcWvi5E3CfREmS+hh6J2RBBPpj1SYp0qF9/tjkLqBzd5e6+dFmPDMVot6rF220PdIDE0MyEjhpc0B86PkYz+Jkt5PfFc0Wn2BRdCHEud+hCc7CptDuhDZZ0bS8ITHWnVa7YvnXya+GYZ8exKfNtgObtxPl0PG2KzsoaPMtIykWb53TpadKpD1d6UTvGV2cBmHHwIz6Lqb5HRgT3c6KsQrV51soCCQMQxxsEz/AjTBK8wNpQ/jCePfVCAEgHdXEo+KYg9laZMbmYsPrE+K5ucBt3CTR5uC7coh6TBPejSDAusGhfUKnuEnBsnXaKeL76XQrBBO//dKxThQ2WbS141fEf4wHPgp+V490j0aUYh8PA6TQmWgx0oNs7Fi80o3uiO2u4lFcreYn828lVuB9heuuYU/WC4CZNZezVS3CZXCjdAC1VtXOip4ZAzdF7qpUNntHXYytWjRsNehoQ0FoLWlfFH0Klqklx7eaEGlL/eZRjCWkn7GdvSuE35TtPs2VDecr1TrNgbp2d6dg0eoZFuWGpLERJlRczSocXr5H7XYR1A6aElfZ8bGwfWoYiq7h32YZA2vyzw5ZmZmQeTmFX25sKWmPx9KgNL+3EAO6dgPlT6i1aUtiz3yhiw4z5+xCmuI2pBKojBQbSCrAPQ+fL5E4b5GAgA0nAq+Wmf7dxYRvEnQ3lL/IfOCQAXTscy2XXT7CKxNDmOxMNO8K3EDFbLRwLv9h1iVZtIn3SpwZc/f73939aDZnQFPmMt1Z28E66MRcuFBxoW4+n2xoY7VpjcGu5snUWY9oBYBy543k2ual7aoQTBNW7jKJetbuZClQzE4mKOXAekl+yNN7Ql8PUFecud1xD7sIhK6tFzQ2nH26vvpqaCpuHVuXwnIXFpb22B/yBSpwTYmpUAQ6qIzqNKo2H4/g18pt
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T10:03:49Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"file\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--b4aa4ee7-b51f-4b38-943a-a0a1fe739e8e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T10:07:48.000Z",
|
||
|
|
"modified": "2024-08-27T10:07:48.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"virustotal-report\"",
|
||
|
|
"misp:meta-category=\"misc\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "link",
|
||
|
|
"object_relation": "permalink",
|
||
|
|
"value": "https://www.virustotal.com/gui/file/b127de888f09ce23937c12b7fccfa47a8f48312b0e43eb59b6243f665c6d366a",
|
||
|
|
"category": "External analysis",
|
||
|
|
"uuid": "e1899a28-a983-43e3-bbcf-80e08c630a51"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "detection-ratio",
|
||
|
|
"value": "49/74",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "294926f6-2f56-4f58-a719-50ba0e553b13"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_comment": "b58fe0a5a58266e2d16703e7725a6f77: Enriched via the virustotal module",
|
||
|
|
"x_misp_meta_category": "misc",
|
||
|
|
"x_misp_name": "virustotal-report"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "indicator",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "indicator--8d7ac196-23ad-48a3-a4e6-b651c410bb17",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:08:54.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:54.000Z",
|
||
|
|
"pattern": "[file:extensions.'windows-pebinary-ext'.imphash = '2ca53fefee819fb338d7a7a06e21cce5' AND file:extensions.'windows-pebinary-ext'.number_of_sections = '4' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '4344345' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2024-08-27T04:27:13+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_authentihash = 'a733adc42a128b0c2f6b770066a3bf952907da545e55dcdeb94635fbd5753548']",
|
||
|
|
"pattern_type": "stix",
|
||
|
|
"pattern_version": "2.1",
|
||
|
|
"valid_from": "2024-08-27T09:08:54Z",
|
||
|
|
"kill_chain_phases": [
|
||
|
|
{
|
||
|
|
"kill_chain_name": "misp-category",
|
||
|
|
"phase_name": "file"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"pe\"",
|
||
|
|
"misp:meta-category=\"file\"",
|
||
|
|
"misp:to_ids=\"True\""
|
||
|
|
]
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--95ee55e7-5e03-4357-ad25-abe4430fa994",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:08:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:04.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"pe-section\"",
|
||
|
|
"misp:meta-category=\"file\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "name",
|
||
|
|
"value": ".text",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "591589da-583b-4f25-a41b-cc2dd5b7cce2"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "size-in-bytes",
|
||
|
|
"object_relation": "size-in-bytes",
|
||
|
|
"value": "205312",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "667676a6-b0a1-4b2b-bcc1-70a19192a3f6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "float",
|
||
|
|
"object_relation": "entropy",
|
||
|
|
"value": "6.6109726378592",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "d579e333-0211-441f-8b68-64bb16f3b8b9"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "md5",
|
||
|
|
"object_relation": "md5",
|
||
|
|
"value": "a41258a5357d2ffd722add9aaf1ee411",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "1f5bccd8-aefa-4d90-afad-3f18475c5cc3"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha1",
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"value": "402f2c0211dcf44e71038f8b55c1b54ce90e2c47",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "6bf28fdf-0e25-41dc-897e-fee2b128de89"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha256",
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"value": "bd674dbf63d516a479d8225595fdd8ce45a0d5935bd9753fcefc5f39a9f325ac",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "11ebc97f-527d-41eb-adf9-139cc01638bc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha512",
|
||
|
|
"object_relation": "sha512",
|
||
|
|
"value": "513904024aaac04d64f58d9162ca987f90ce1876c337047a0c80a328a6ed20e77d5a8e4d46423614fc05fe07e9ee5e45a721ee31a13f3b8f79bbeb098471723e",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "b0da2812-764a-4e37-b7bc-23340f0273d4"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ssdeep",
|
||
|
|
"object_relation": "ssdeep",
|
||
|
|
"value": "3072:luw4AsOzMKuNIlQ/mciPffLHa1d+Dylq5YQooYJoT1jUl:lN4AqKQmUmci3fO1d+/dPYaja",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "bd73306d-7db7-4c7e-8f16-063988db641a"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "file",
|
||
|
|
"x_misp_name": "pe-section"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--250020a0-9d77-42ce-952d-d54dc39d059d",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:08:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:04.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"pe-section\"",
|
||
|
|
"misp:meta-category=\"file\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "name",
|
||
|
|
"value": ".rdata",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "6ae9bab5-f788-4c13-ac52-45a23eda207c"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "size-in-bytes",
|
||
|
|
"object_relation": "size-in-bytes",
|
||
|
|
"value": "27648",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "970c6aab-94e4-45af-b189-0281b8970b56"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "float",
|
||
|
|
"object_relation": "entropy",
|
||
|
|
"value": "4.9748897647804",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "3198f964-0ef6-42af-ba2c-09f609077c7e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "md5",
|
||
|
|
"object_relation": "md5",
|
||
|
|
"value": "fd65a2d1ee7096cd37865ddc2b9c7990",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "4ea88949-3772-4247-ab0a-cdf2956ad6dd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha1",
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"value": "c9766716bd6ad2f4c55858e44f9c590430d33363",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "f922ff76-fbf1-401e-87a2-6dda28fe8ea0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha256",
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"value": "40a8124d89bd4794840aa206d6b7cd669b8b2118b71d4f3438ae74dc2512f9bf",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "b6db251e-975a-438a-be88-186e6d9cfa8e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha512",
|
||
|
|
"object_relation": "sha512",
|
||
|
|
"value": "af9cda12f138f8ced041c77b3e6cb9b954485cb27fd5e1bb8f2e5fb29e570e712b204735d256ab867a350cce08cd93e324df67ea2ae6f51c1dc4e62dd6d52b6f",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "8315e2eb-22c3-4b07-9d4f-c9434789f7aa"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ssdeep",
|
||
|
|
"object_relation": "ssdeep",
|
||
|
|
"value": "768:iLJ+F9JMYWUQxR1r9sWHGzcd3D9vm+7PNgcFi+p2FG:OXYC1r9sWacdzvL5aG",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "6fc504e8-a13e-4fbd-b12d-74eeb820ffb5"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "file",
|
||
|
|
"x_misp_name": "pe-section"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--6047f4e3-ff29-4683-9ec8-09fa0b18ff8e",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:08:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:04.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"pe-section\"",
|
||
|
|
"misp:meta-category=\"file\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "name",
|
||
|
|
"value": ".data",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "c5ee816d-4724-457e-a998-ba9307e1da1d"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "size-in-bytes",
|
||
|
|
"object_relation": "size-in-bytes",
|
||
|
|
"value": "2560",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "8159bb7c-60e5-4c71-a482-b040b79a5f93"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "float",
|
||
|
|
"object_relation": "entropy",
|
||
|
|
"value": "2.3709432940388",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "a5cc04f1-a982-4d84-b66b-4b13c06663ff"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "md5",
|
||
|
|
"object_relation": "md5",
|
||
|
|
"value": "a67cc471d9382ac0d18bba84b002df76",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "cbef5fbd-35c7-4a0f-876c-d7a53c9b29a6"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha1",
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"value": "de3381c0c541ddd20412cb36d2812d67c87aef9a",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "66c72067-20b2-40fd-b05c-24890fca8933"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha256",
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"value": "84305cb7dae956248cbaf30cd944ed380fd1407c2c90143f5683b8f632a43295",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "71ff8ded-44cd-4b70-9370-45684f47c260"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha512",
|
||
|
|
"object_relation": "sha512",
|
||
|
|
"value": "ad0c95a3ee98e2c2a270945fa76fdaddab1fcc1bd1c52e206032bd3550f13fe8a2e10252ff039b8f98f1e2f18ed49a0ec0b8a9f0ed216d1d2a39c069c9a183bc",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "8cde47b2-91eb-44a1-b90d-8b1121813c90"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ssdeep",
|
||
|
|
"object_relation": "ssdeep",
|
||
|
|
"value": "24:ncd/v/v/v/v/pZE6uSkeKv6uSkeK8hBSqu1AKihu:clHHHHzETk4Tkvkpihu",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "f7cf9219-444f-4cbb-944e-117877956b93"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "file",
|
||
|
|
"x_misp_name": "pe-section"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "x-misp-object",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "x-misp-object--055ebc84-93ed-411c-8ea8-9164f9d63eba",
|
||
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
|
"created": "2024-08-27T09:08:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:04.000Z",
|
||
|
|
"labels": [
|
||
|
|
"misp:name=\"pe-section\"",
|
||
|
|
"misp:meta-category=\"file\""
|
||
|
|
],
|
||
|
|
"x_misp_attributes": [
|
||
|
|
{
|
||
|
|
"type": "text",
|
||
|
|
"object_relation": "name",
|
||
|
|
"value": ".reloc",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "dfa7a784-c338-4602-8cd8-b766d68e5898"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "size-in-bytes",
|
||
|
|
"object_relation": "size-in-bytes",
|
||
|
|
"value": "7680",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "b46bc7b1-f326-46ef-84f2-be5189ab06af"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "float",
|
||
|
|
"object_relation": "entropy",
|
||
|
|
"value": "6.6712439836418",
|
||
|
|
"category": "Other",
|
||
|
|
"uuid": "ffaf4207-a235-49ea-8ca3-7cf5627fb0dd"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "md5",
|
||
|
|
"object_relation": "md5",
|
||
|
|
"value": "6bec76fa74cae31e4bfaaeb033b78a78",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "a1a8bbb0-f001-4bfb-95f6-e5b507e265a0"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha1",
|
||
|
|
"object_relation": "sha1",
|
||
|
|
"value": "afcc960b5bb522c9c5a4fdad794d3232b060f46b",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "5fa6e6d2-8bb3-4100-8246-b3da4271a789"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha256",
|
||
|
|
"object_relation": "sha256",
|
||
|
|
"value": "23ac2026e92ab90c47980bd8c15e5bca21aad13d175a008ac1c8e741df816ddf",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "01bc68dc-5c8f-415e-9636-bd06ad95b0df"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "sha512",
|
||
|
|
"object_relation": "sha512",
|
||
|
|
"value": "94159c5cba2f62d71aaf11eba9926efb390215591aad3fb0bf71fbbe74c071522ca57a0fe89a2bb292e2a163d5d5d312981e4e4fa382efce2dec05293b5a5373",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "1dfe7b87-78a8-446d-91a6-8f8b9d29eb38"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "ssdeep",
|
||
|
|
"object_relation": "ssdeep",
|
||
|
|
"value": "192:Q7MOry+JIn4ad94s+KmWLfCVWMTHZnblPb:I5y5z94s+Km2C5DZlb",
|
||
|
|
"category": "Payload delivery",
|
||
|
|
"to_ids": true,
|
||
|
|
"uuid": "dd728689-3646-4f6e-a853-b54b1a1de9cd"
|
||
|
|
}
|
||
|
|
],
|
||
|
|
"x_misp_meta_category": "file",
|
||
|
|
"x_misp_name": "pe-section"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--9908db26-491c-4ec0-a496-cc0db51ede9a",
|
||
|
|
"created": "2024-08-27T08:59:09.000Z",
|
||
|
|
"modified": "2024-08-27T08:59:09.000Z",
|
||
|
|
"relationship_type": "mentions",
|
||
|
|
"source_ref": "observed-data--df23d3be-1179-4824-ac03-471f0bc6d92d",
|
||
|
|
"target_ref": "indicator--b0aae79f-3a6a-4ba5-8b21-375bb3305efc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--a518967e-78de-489e-b9b0-8a12d642044c",
|
||
|
|
"created": "2024-08-27T08:58:20.000Z",
|
||
|
|
"modified": "2024-08-27T08:58:20.000Z",
|
||
|
|
"relationship_type": "downloaded",
|
||
|
|
"source_ref": "indicator--b0aae79f-3a6a-4ba5-8b21-375bb3305efc",
|
||
|
|
"target_ref": "indicator--3dc26a75-5d39-4222-afd4-a986fa130172"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--4a471ca2-4045-4968-8e66-87174b37d3b8",
|
||
|
|
"created": "2024-08-27T08:58:39.000Z",
|
||
|
|
"modified": "2024-08-27T08:58:39.000Z",
|
||
|
|
"relationship_type": "references",
|
||
|
|
"source_ref": "indicator--3dc26a75-5d39-4222-afd4-a986fa130172",
|
||
|
|
"target_ref": "x-misp-object--8a154039-951c-4924-9980-7b8e7e8afe7a"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--97672ed6-5da6-4ae7-8792-8b89a25b62d4",
|
||
|
|
"created": "2024-08-27T09:47:04.000Z",
|
||
|
|
"modified": "2024-08-27T09:47:04.000Z",
|
||
|
|
"relationship_type": "contains",
|
||
|
|
"source_ref": "indicator--eec6f067-731c-4d51-9df6-a24c6518facc",
|
||
|
|
"target_ref": "indicator--f0c02983-76c2-49d0-ab74-57b87b236e5e"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--f6ca4614-99a5-452c-8e4d-416e84709c10",
|
||
|
|
"created": "2024-08-27T09:46:06.000Z",
|
||
|
|
"modified": "2024-08-27T09:46:06.000Z",
|
||
|
|
"relationship_type": "mentions",
|
||
|
|
"source_ref": "observed-data--f5fa41ed-e37e-4739-be1d-f5fd79cb2289",
|
||
|
|
"target_ref": "indicator--eec6f067-731c-4d51-9df6-a24c6518facc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--18fe53dc-89e4-4c0d-9d4c-22e6dcab3587",
|
||
|
|
"created": "2024-08-27T09:46:33.000Z",
|
||
|
|
"modified": "2024-08-27T09:46:33.000Z",
|
||
|
|
"relationship_type": "Acquaintance",
|
||
|
|
"source_ref": "observed-data--6f65c1b1-b47f-4053-8b74-80a181257743",
|
||
|
|
"target_ref": "indicator--eec6f067-731c-4d51-9df6-a24c6518facc"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--efd36caf-7d75-4f36-8aae-0bb23ed76916",
|
||
|
|
"created": "2024-08-27T10:04:18.000Z",
|
||
|
|
"modified": "2024-08-27T10:04:18.000Z",
|
||
|
|
"relationship_type": "contains",
|
||
|
|
"source_ref": "indicator--f0c02983-76c2-49d0-ab74-57b87b236e5e",
|
||
|
|
"target_ref": "indicator--93750a61-e8af-4ce7-8379-01c412c92e26"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--792d0e06-603d-4bf9-a13b-93ccd69c4279",
|
||
|
|
"created": "2024-08-27T10:04:38.000Z",
|
||
|
|
"modified": "2024-08-27T10:04:38.000Z",
|
||
|
|
"relationship_type": "contains",
|
||
|
|
"source_ref": "indicator--f0c02983-76c2-49d0-ab74-57b87b236e5e",
|
||
|
|
"target_ref": "indicator--7022c31a-7485-4207-9441-633d6eeffd69"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "relationship",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "relationship--52e6b398-1114-4e67-b564-d2e8d4c11e20",
|
||
|
|
"created": "2024-08-27T09:08:54.000Z",
|
||
|
|
"modified": "2024-08-27T09:08:54.000Z",
|
||
|
|
"relationship_type": "contained-within",
|
||
|
|
"source_ref": "indicator--8d7ac196-23ad-48a3-a4e6-b651c410bb17",
|
||
|
|
"target_ref": "indicator--3dc26a75-5d39-4222-afd4-a986fa130172"
|
||
|
|
},
|
||
|
|
{
|
||
|
|
"type": "marking-definition",
|
||
|
|
"spec_version": "2.1",
|
||
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
|
"definition_type": "tlp",
|
||
|
|
"name": "TLP:WHITE",
|
||
|
|
"definition": {
|
||
|
|
"tlp": "white"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|