misp-circl-feed/feeds/circl/stix-2.1/4dd5ab8b-f4dd-4d69-9873-745dd8196b94.json

{
"type": "bundle",
"id": "bundle--4dd5ab8b-f4dd-4d69-9873-745dd8196b94",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:12:55.000Z",
"modified": "2020-10-29T17:12:55.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--4dd5ab8b-f4dd-4d69-9873-745dd8196b94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:12:55.000Z",
"modified": "2020-10-29T17:12:55.000Z",
"name": "Ransomware Activity Targeting the Healthcare and Public Health Sector",
"published": "2020-10-29T17:16:19Z",
"object_refs": [
"observed-data--e8ed65aa-592a-45ec-b196-1b0c1691145f",
"url--e8ed65aa-592a-45ec-b196-1b0c1691145f",
"indicator--bd941932-ac90-4601-8409-10e3503352eb",
"indicator--df0412b0-20bd-4f3e-a6a5-96163d3a46f0",
"indicator--a9fa2fee-1f3e-4005-8794-67dd692f2bcc",
"indicator--49b67fc9-c80b-41c6-b775-d90d9f7afbed",
"observed-data--78b4e579-efca-47ce-9976-09679fb608b8",
"domain-name--78b4e579-efca-47ce-9976-09679fb608b8",
"observed-data--14e059ac-3e14-4f38-987e-117a51a92f94",
"domain-name--14e059ac-3e14-4f38-987e-117a51a92f94",
"observed-data--cfc4d6fe-aff7-4ef3-bc0e-3d9af364a148",
"domain-name--cfc4d6fe-aff7-4ef3-bc0e-3d9af364a148",
"observed-data--fe185fbe-a117-4afa-acc4-ceecbff4e21c",
"domain-name--fe185fbe-a117-4afa-acc4-ceecbff4e21c",
"observed-data--debf720a-8aff-41ce-8d1a-b2eaa16e775c",
"domain-name--debf720a-8aff-41ce-8d1a-b2eaa16e775c",
"observed-data--e886f5b9-0b27-46b2-800d-8b2f5e3fb9e3",
"domain-name--e886f5b9-0b27-46b2-800d-8b2f5e3fb9e3",
"observed-data--f1a39259-b44b-40c0-87fe-0eedb6f8aa4c",
"domain-name--f1a39259-b44b-40c0-87fe-0eedb6f8aa4c",
"observed-data--19f7be79-61a6-4dd0-8206-b7cf9654c0bf",
"domain-name--19f7be79-61a6-4dd0-8206-b7cf9654c0bf",
"indicator--f30840fd-4dd7-4060-b255-0696fd7f30a6",
"indicator--453c92d2-b801-497c-92b8-80128c0e13a3",
"indicator--7895dbdd-0b55-4934-8464-39492814759c",
"indicator--0b9b6e76-21bc-4cea-b477-d13cba119cb9",
"indicator--519fd5a6-0028-42c7-9d27-ece7ebd38147",
"indicator--cbec37bb-c9bb-471c-8238-0a925aa633bf",
"indicator--d2b2cfec-65d0-498d-b201-ed5065badc7e",
"indicator--2dcdee70-2bf8-438e-a664-1c882d2984a0",
"observed-data--514a0357-fe50-4aff-ab00-30c627a5d58f",
"file--ce6530ed-14e6-5b7e-9713-cb3c0a18f0ba",
"observed-data--41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"file--af2825da-40dc-5bc9-9e27-c8bfbe2ed99e",
"observed-data--e1461615-ebab-47e2-ac5a-051652516fb7",
"file--9c65557b-b248-5809-8354-23611300f1d8",
"x-misp-object--8e71181f-d0b5-4f70-8649-ca49186d6a73",
"x-misp-object--f4d243fd-d0cc-4291-9f6c-23f7d9010f53",
"x-misp-object--ec9e4c0b-dd07-4f4f-9a59-e29185e95015",
"x-misp-object--387d11bb-9594-4c6d-a113-32e869d193c4",
"x-misp-object--080646bb-ad2d-49d0-af0b-8b45e1a669d9",
"x-misp-object--22818e90-f9a9-4acc-8d3a-892a49138fb1",
"x-misp-object--4eaa6d85-7fd1-41a2-ae7e-6e35356e62b5",
"x-misp-object--1a683a48-3a2b-4e23-9bf3-ff147f81c7c7",
"x-misp-object--5c1b581d-6404-4eaa-96c6-f3e0075bcbad",
"x-misp-object--762b0e45-f3a3-4166-8b15-3a709565b2c1",
"x-misp-object--ba247d9b-6233-460b-a4a2-b8e5e33db725",
"x-misp-object--d06622bc-83da-486f-a8ec-d13a099f9594",
"x-misp-object--1baf4488-d4a7-4697-96f5-adaab26fd82c",
"x-misp-object--670e5a03-ff66-4e61-8bb6-6a054d9095c9",
"x-misp-object--050c7b9c-4024-4168-85b1-f97902fe2936",
"x-misp-object--954fee15-e83f-4f4d-9f5c-a2f8ccb3a875",
"x-misp-object--0f22fabc-a2d0-4eef-84f4-660448755f0d",
"x-misp-object--970305b9-a8e2-4c41-b13e-baedc1fcb2d2",
"x-misp-object--dabfb04d-bde6-45e7-ac84-2682f064aabd"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"misp-galaxy:ransomware=\"Ryuk ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e8ed65aa-592a-45ec-b196-1b0c1691145f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:05:32.000Z",
"modified": "2020-10-29T17:05:32.000Z",
"first_observed": "2020-10-29T17:05:32Z",
"last_observed": "2020-10-29T17:05:32Z",
"number_observed": 1,
"object_refs": [
"url--e8ed65aa-592a-45ec-b196-1b0c1691145f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--e8ed65aa-592a-45ec-b196-1b0c1691145f",
"value": "https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bd941932-ac90-4601-8409-10e3503352eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:06:03.000Z",
"modified": "2020-10-29T17:06:03.000Z",
"pattern": "[domain-name:value = 'kostunivo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--df0412b0-20bd-4f3e-a6a5-96163d3a46f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:06:03.000Z",
"modified": "2020-10-29T17:06:03.000Z",
"pattern": "[domain-name:value = 'chishir.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9fa2fee-1f3e-4005-8794-67dd692f2bcc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:06:03.000Z",
"modified": "2020-10-29T17:06:03.000Z",
"pattern": "[domain-name:value = 'mangoclone.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--49b67fc9-c80b-41c6-b775-d90d9f7afbed",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:06:03.000Z",
"modified": "2020-10-29T17:06:03.000Z",
"pattern": "[domain-name:value = 'onixcellent.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:06:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--78b4e579-efca-47ce-9976-09679fb608b8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--78b4e579-efca-47ce-9976-09679fb608b8"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--78b4e579-efca-47ce-9976-09679fb608b8",
"value": "ipecho.net"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--14e059ac-3e14-4f38-987e-117a51a92f94",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--14e059ac-3e14-4f38-987e-117a51a92f94"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--14e059ac-3e14-4f38-987e-117a51a92f94",
"value": "api.ipify.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--cfc4d6fe-aff7-4ef3-bc0e-3d9af364a148",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--cfc4d6fe-aff7-4ef3-bc0e-3d9af364a148"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--cfc4d6fe-aff7-4ef3-bc0e-3d9af364a148",
"value": "checkip.amazonaws.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--fe185fbe-a117-4afa-acc4-ceecbff4e21c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--fe185fbe-a117-4afa-acc4-ceecbff4e21c"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--fe185fbe-a117-4afa-acc4-ceecbff4e21c",
"value": "ip.anysrc.net"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--debf720a-8aff-41ce-8d1a-b2eaa16e775c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--debf720a-8aff-41ce-8d1a-b2eaa16e775c"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--debf720a-8aff-41ce-8d1a-b2eaa16e775c",
"value": "wtfismyip.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e886f5b9-0b27-46b2-800d-8b2f5e3fb9e3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--e886f5b9-0b27-46b2-800d-8b2f5e3fb9e3"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--e886f5b9-0b27-46b2-800d-8b2f5e3fb9e3",
"value": "ipinfo.io"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--f1a39259-b44b-40c0-87fe-0eedb6f8aa4c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--f1a39259-b44b-40c0-87fe-0eedb6f8aa4c"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--f1a39259-b44b-40c0-87fe-0eedb6f8aa4c",
"value": "icanhazip.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--19f7be79-61a6-4dd0-8206-b7cf9654c0bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:12.000Z",
"modified": "2020-10-29T17:07:12.000Z",
"first_observed": "2020-10-29T17:07:12Z",
"last_observed": "2020-10-29T17:07:12Z",
"number_observed": 1,
"object_refs": [
"domain-name--19f7be79-61a6-4dd0-8206-b7cf9654c0bf"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--19f7be79-61a6-4dd0-8206-b7cf9654c0bf",
"value": "myexternalip.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f30840fd-4dd7-4060-b255-0696fd7f30a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:45.000Z",
"modified": "2020-10-29T17:07:45.000Z",
"description": "Anchor_DNS malware historically used the following C2 servers.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.95.97.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--453c92d2-b801-497c-92b8-80128c0e13a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:45.000Z",
"modified": "2020-10-29T17:07:45.000Z",
"description": "Anchor_DNS malware historically used the following C2 servers.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.254.25.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7895dbdd-0b55-4934-8464-39492814759c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:45.000Z",
"modified": "2020-10-29T17:07:45.000Z",
"description": "Anchor_DNS malware historically used the following C2 servers.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.183.98.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0b9b6e76-21bc-4cea-b477-d13cba119cb9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:45.000Z",
"modified": "2020-10-29T17:07:45.000Z",
"description": "Anchor_DNS malware historically used the following C2 servers.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.217.137.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--519fd5a6-0028-42c7-9d27-ece7ebd38147",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:07:45.000Z",
"modified": "2020-10-29T17:07:45.000Z",
"description": "Anchor_DNS malware historically used the following C2 servers.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.98.175.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:07:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cbec37bb-c9bb-471c-8238-0a925aa633bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:32.000Z",
"modified": "2020-10-29T17:09:32.000Z",
"pattern": "[file:hashes.MD5 = '19a36d6f300a39a4fa4b02ec31e05405' AND file:hashes.SHA1 = '8c98a1b82cc925c3a2de77a07f25452d9083d26e' AND file:hashes.SHA256 = '52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4' AND file:hashes.SHA512 = '5ae63a270bf6efcf1e7d0b9d43ddea6592703d3e1ed5bea39c292bb999fe5f5c084f9f0fd930397b5247d425846a4e2066fc31a69d9b71381fedfc0fd7bb797e' AND file:hashes.SSDEEP = '12288:hjaid3A0naz9n4K75nxz6yNmBdD1zuVvOePD8+:gidQ0nVK75np6WmBdDtuBl' AND file:name = '52a1ca4e65a99f997db0314add8c3b84c6f257844eda73ae6e5debce6abc2bd4' AND file:size = '439296' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:09:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d2b2cfec-65d0-498d-b201-ed5065badc7e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:30.000Z",
"modified": "2020-10-29T17:11:30.000Z",
"pattern": "[file:hashes.MD5 = '64e0ad30c95db4ecd8ef0c3f8c2a86a0' AND file:hashes.SHA1 = 'a6c8ce5f6db05cee6d144780a9c15822f86e9e76' AND file:hashes.SHA256 = '7226219330a9bb9da14b7f056be6cab2e42e37a4a19fab6dfa626094f6b57c55' AND file:hashes.SHA512 = '076035f2d2f2822adc7303fe5f89752b645745cb4bfab18ef1ed0fbb38d28ed7e008cdd52d1ca0fb178982cf1b1767faa2be0ba449c6cfc5079caa37cd615fda' AND file:hashes.SSDEEP = '6144:HRTFhPSF8Paki5jVsOmVhk1181pk4Me9dSqPUNPjHyOOTZtJbutWE2d7O5GwyqUd:xTFhayJhDDzPUYhbvAiwgf8Wf' AND file:name = '7226219330a9bb9da14b7f056be6cab2e42e37a4a19fab6dfa626094f6b57c55' AND file:size = '456704' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAG+JXVFyZEYBE8EFAAD4BgAgABwANjRlMGFkMzBjOTVkYjRlY2Q4ZWYwYzNmOGMyYTg2YTBVVAkAA8L3ml/C95pfdXgLAAEEIQAAAAQhAAAAbi/4GWziOFMXjiJiYWZPufm+kMCk0yiY736RrNmehInq1MWL0q7SZuZVlgDaPQyiIrVb0iKvTQWfAMSo+0WNKv5xx4Py1zAgnqK9qjMJWpRyDS2R6AE74s76JxibYpE9Bz3coYJOr7NZBCElXbndgHyzGfxNrcNIROp47AJE+g2efTJw8dxOrs8mBblQh5oT4/ERiTKyaGfoR4JbwCzwc3yyRtIEN6lfKcKTiPoMVxeUBiAIblNqK+CYJVXxK1Juvft2Bkaas9IIXovjhVxyBiMaaYKXNAo9LRWJiSKB4HAmQVdSKCHI6RAqmTcqlfPwg/mHMRgexNT9WnMZERyTGcnIZPgp1aWxK1rimFc/2Op1UGO/awZs0oKvidHSwNUvoq2X5jGnHEOZpqlCmkIsXMfZJOhDPYHINg3ZjyA84J3y3nHBw6hIbBQ7rMkyMkM3R6TQZCobfqU9AC3yLnW5P60yRjOscpiLTi3LQ38cfH2bjL+p+dPjmPJC92w5zkldw+sbi8RzprF0r5UNItX3EriRMJxkECHh/LPyv/RODNR90e5wKkLF6dWqPrLYgfpzYsShm4yOLja53+5ZGgUj9DN8//ldvIe6RY0VFB+yC9bErPU1AJ97x7GfM1i+2rJiG5QMgWmJepRZSt5qrkwpeUVQjLY836JMz3IqI51NcOPTLNE9MDtnDl2N7qpwPpt4y6NF9cdLJjlDKTZ6Tx27qRBpIngh6rIrUDQZgVDslF9uxyhtz6MRtjcAtUeUR9+oWiM1gT/LcvD5AgIpECy43joiELrepmoVKL/4Dq3dLK2UhBbkULA9lEqrIH43a+uDYaU7Ka8BoZqwyOF8nu4h0Kf+dQ+gVtiqzCmgKzjefOMpRcIIHeGKlPvAuz6OI8pCH0b5fdcdFnOdd/JEgWlyb9Xoblb6nQOfT7xE5FKBhzut5BLbv3y9DXT7imH+3rKGsN6LrjWuP3untoPfDpJ4u9J4OaI9lnNuMvRL5GEASsLmrSHDRNtDNvEyBzf59WnJNfID9d0HalcLgvpj00u67HR9fQo9dWQ6vcM8keEeIWs/PPL1dyzRGFDSv6nQXFXNm52adcTGQFHuZ0GMqJXgbe0CvIt835S2z0AdmMJyuBIphba8fe98osXGhcO4t8H1whcCLm6RWSdRu/Yf6ZoBTLCK7sR66zaZa1z9WnD8rAZtNXHz9l/9xBfnWFehMhsi6HuWtZxesipcSLJu
mZpjkm2qP+x2FikSXZv5nmoqwKTbQj6ehjXS37w1F0kbyJrwscg/DDMoLT2x9Q9SiHsZ2xpk/PmtTZrGQ9+IPvK9JaypHzU4CGw6RUeXKMAP6AoZeDuIV8QG/mvo63gzER+iBK/pW7qf63jWHvCzIhSpXkPlUKDvPpWfjik3EkrGW9E1hDfOczROiIyBkcQzTuuoajYGRgrNvGxlg7bsUL2FCDT9zBcCOkReQmlHISF46KXd2ndacsxv2TpiAZdVCp0wl0PTgs9lkcAu1+p4jt8MgHV/wOaANlSGu6PoqgHWUz4PBfhn7rUjz7/giEXj+H9HYHKW75pw+yqED9ztcw6CE34xUJzksiUFo+RBt/bPR4sX+QLdwn8m1xCb3Dtp2ZlFZrNVYMYFixd7WAV+Jpxc4ymOxhwTlU3TflMH4e+dK+zeBkxAI9Vjy68A2+5Mlns659ebIuMIf9WnE93EEuUOSj/9geBMqwus/+VaaKEri4hrsrc1PPYg9sni5WnMAow2sWJHWjw7rR71bv4PhZHY/YInQnnXXjFbu3oMnV31rRmDhXrmh/4V3qJjiWj4JGpkhgALMdhE0xiWju60YEVn+32UI2QY2Y0RwfyjPDJZ8rEzBXmHZdIhEB7yULwGMmjncTKkoh0SGTmZN4CXcWuWtOy7NWncxBwf4nqu9AbKTi/Wm0afLlw2a0PH6JFsp35gcPGWilKNE1xnIBcWZZFw7RYOO99WhxABnaYY0Osf/TiF1nkCW5Kg8cP6mNO8e9NskYxne5GQ3YeinFdO5+1uIg1ZHP0kspamBkJuXGTxSsretbNV1JKRe3bqOKgwlwDNof6DhfCJvk1XeckQMG6wdWlMXzNCOjB/AFOicxwHdklHczur1X6Bt4ZdeqoJtSYv2h428adZIhusIw7brRn/9zU6X7qKEeMnuUSsC0qlWraQnmLcDh6iBQYPfCFnFnYnlqkmZX27B+Dt9OFwIK1rCKRrEnx7GDhZ2sE+jDR+Xlpj72jUDcr8uSD3yKIeBt1UE7aqh/gxW1j99qeTHNY9A0OsDddGDoaDyrxHYQxe1u8EcQuIZejeJnMJen+MbTOBn9/KsBCCLkMPLquZ1kmgxcJJ7xRI7RFAJyi/7qCz9k/e6ooPIhFS0CbSx1WsnG4yuX1qwYI8CPn3nG5+DDFynyb2EKYGZpzk59bTbcoUieo51wnbrKxNCn1QaQacNShLP3P+waWIyH1biIc335rOuuyOMJxrTpusjv7GXIWjMTgisHNld6lGaUfudcAuP63EOL7oo9Rx/+ZqgL4JQKrhZJI0cf3JuS+D9sjECv3hov2HltkcIJTa24Zrp17545R7GmqU7zhD7HMnu8XntHzL5Y9bIle+ckWrnmear+yKENL0OibBawHjWcTE4B/zOz3SF/XfFzHRRmIZ5OiS6g0hWQPw9eoCaBHmdO22YOqT7Z9NnbuxUvacLu28foeWmH+lIKsg/OKhwxvMybRJI/WREXQwXAxiRo9N4I1aoRPgzA7ajsTsveOFvTAH/2vJXTELnUGznxqjP7hTV2elyDCJlLLA5os/FZfmlD7BnEKjv9yKEM8HKFO32OEr5h165MvpwH1h1UeaEYpUod6OXdq1UGg+nyC6TFNFLPmqMTlxJnJUUVQt6h/xNYxKjiN9RnAmSWM8/jMUFCMI4XD5dWcVn3UDaCGLseYkTZk2bBaHtJT5uvBlfG3rDNAfmoCiW3RUa5xscpuZq+BeCb89ibzUzSL1AUpnZ6nz3KclGKlb25WVt1p0LfrGraXOkidD3QRkv4WDYLORSKCUH/HK94AkwFjncTK1CiBLuU5UZRr/3aCgdY9ijntCb2j9d+kwlsMp+1mW73IlYhf2tmsOGxNgI/KOeG0jGTtw/w+sMPjrzzg1F+3Pxb1+nIvh5BNPvEJWkOtdOqZXUzf+bAmSLIwufAx94mg9B6oN0OE5Dtllp+Gd3y5KFFNN1oSY6WuE+GiKM8Mh4wH+rKfB
P+qPAtKuUjcYQK5RJ0nAb3tim7m703clLNet65a9pIX91uW0MLORpYp4Jd9fKcfpy02VQdmnlu2P09DbGZ7
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:11:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2dcdee70-2bf8-438e-a664-1c882d2984a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:32.000Z",
"modified": "2020-10-29T17:11:32.000Z",
"pattern": "[file:hashes.MD5 = '999f5046d3b65438ab0b46c51a04568c' AND file:hashes.SHA1 = '3cbb5953a299a95ef49fc0a0fb31e8fea63f3099' AND file:hashes.SHA256 = 'bd7bfae5915ee878f1f650324f07b5f567a297a3f8439834654e39d8268c5f0e' AND file:hashes.SHA512 = 'ccc9a45f617942eb7fd8db89cba571fdd359dab98435f8c989a45f4082bb5ed712a2775bb5bfa59f3b560f8d0cab15f45b375676aed84c85a79ddb662b2d7033' AND file:hashes.SSDEEP = '3072:jSff7ZHL6xD6Ww18AI7IKu3uK8HRvbMEaQlV4yOsjfC2dc6Id+usLKh84x2Y0pzF:WfzZHL6B9lXud8HVCu6y++nKn2t79ptB' AND file:name = 'bd7bfae5915ee878f1f650324f07b5f567a297a3f8439834654e39d8268c5f0e' AND file:size = '194048' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-10-29T17:11:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--514a0357-fe50-4aff-ab00-30c627a5d58f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:32.000Z",
"modified": "2020-10-29T17:09:32.000Z",
"first_observed": "2020-10-29T17:09:32Z",
"last_observed": "2020-10-29T17:09:32Z",
"number_observed": 1,
"object_refs": [
"file--ce6530ed-14e6-5b7e-9713-cb3c0a18f0ba"
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--ce6530ed-14e6-5b7e-9713-cb3c0a18f0ba",
"name": "",
"extensions": {
"windows-pebinary-ext": {
"pe_type": "exe",
"number_of_sections": 8,
"optional_header": {
"address_of_entry_point": 4211218
},
"x_misp_compilation_timestamp": "2019-07-26T04:33:36+00:00"
}
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--41d3b2e1-81c2-4c49-ace8-98e8b040a5ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:30.000Z",
"modified": "2020-10-29T17:11:30.000Z",
"first_observed": "2020-10-29T17:11:30Z",
"last_observed": "2020-10-29T17:11:30Z",
"number_observed": 1,
"object_refs": [
"file--af2825da-40dc-5bc9-9e27-c8bfbe2ed99e"
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--af2825da-40dc-5bc9-9e27-c8bfbe2ed99e",
"name": "",
"extensions": {
"windows-pebinary-ext": {
"pe_type": "exe",
"number_of_sections": 6,
"optional_header": {
"address_of_entry_point": 5368723276
},
"x_misp_compilation_timestamp": "2020-10-20T14:37:52+00:00"
}
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--e1461615-ebab-47e2-ac5a-051652516fb7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:32.000Z",
"modified": "2020-10-29T17:11:32.000Z",
"first_observed": "2020-10-29T17:11:32Z",
"last_observed": "2020-10-29T17:11:32Z",
"number_observed": 1,
"object_refs": [
"file--9c65557b-b248-5809-8354-23611300f1d8"
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"False\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--9c65557b-b248-5809-8354-23611300f1d8",
"name": "",
"extensions": {
"windows-pebinary-ext": {
"pe_type": "exe",
"number_of_sections": 5,
"optional_header": {
"address_of_entry_point": 4271906
},
"x_misp_compilation_timestamp": "2020-10-19T12:12:22+00:00"
}
}
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8e71181f-d0b5-4f70-8649-ca49186d6a73",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:31.000Z",
"modified": "2020-10-29T17:09:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "97e0e022-f853-47f8-9e29-435701f0d3ca"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "86528",
"category": "Other",
"uuid": "9c621fb2-972a-4c29-803e-f48cbeeaad35"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.6439974526134",
"category": "Other",
"uuid": "233545c6-6ff8-4278-a7de-dc897a68c370"
},
{
"type": "md5",
"object_relation": "md5",
"value": "1a6156069388cca0317d6fa11eb7843d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a3723fcd-e7e7-42aa-be93-961f5bfa0e1d"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "65903d8afe5ecc31b2542ed69859ab09856aee00",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e9968912-ad27-48db-8299-a1a895366e7d"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "e0939125fa698405fb2d990540aa374f6fda817ded22a3085fca750c373688a8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "79d991e6-9b7c-451a-aaa6-fb24e9c6c7da"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "aee1add5f8b677d8618808fd8dedf692c6da4a9debc4c42136388a3559cda29844db33111f24b124e123f625be0902fbd5a76375059e89f03d9a65b0c0ad18e8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "104865e1-0cee-4618-ab54-be118cdcecaa"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:o72ygckp1A7zzVKurqjavQs0Axt7utz0zt8706LDKAxpamck:o72yxKFjavT08Mz0R8g6LDdqS",
"category": "Payload delivery",
"to_ids": true,
"uuid": "84956700-7fb2-4de1-9271-d4dfb9e61c51"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f4d243fd-d0cc-4291-9f6c-23f7d9010f53",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:31.000Z",
"modified": "2020-10-29T17:09:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".burden",
"category": "Other",
"uuid": "c788ee05-f966-4dd2-80db-fdd787a5e1d6"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "312832",
"category": "Other",
"uuid": "11392549-0eeb-43dc-8d5d-cce4e19d17c6"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.428626197749",
"category": "Other",
"uuid": "8c645b38-ac22-4a28-ae2d-205a48abe17f"
},
{
"type": "md5",
"object_relation": "md5",
"value": "a3c8febccc2edd615ff98e78b8ebf6c2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5fb12833-8298-4183-832f-b592e5b0456f"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "071f15d61322c0480bb71690ed114f3736f7844c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "05b2edfc-c725-4ec6-8f8f-7325cf6e27e6"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c489a2b966c615504a618c46ab8dbbe94d5f11cec2219113c2d0b62e4bb497d2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "22436322-e1a6-45d8-a1ac-a7597e6f9091"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6c15e95112868969184d511f5cc35bddd868e8e2a4c61b4c12bff45383e62a0a90fe1fde4bd56fa0dca1523ebf90c05e8a5e08966d3b6f85517156fd5d38d28b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "cf4acdee-a285-4b82-8b8e-6b589aa29dc6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6144:1TAstnaza+n4KNLJ5kqJnzW+2yNmBdD1fbjSVhqAiFePD:JA0naz9n4K75nxz6yNmBdD1zuVvOeP",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d9841dd7-a0a2-470c-86cf-a1abf6f017c8"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ec9e4c0b-dd07-4f4f-9a59-e29185e95015",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:31.000Z",
"modified": "2020-10-29T17:09:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "ce9ace37-0b1e-44cd-b54c-25998e1129b2"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "29696",
"category": "Other",
"uuid": "e6e9eef1-b0e9-4958-8570-7dc7b86e3d5c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.2358394051476",
"category": "Other",
"uuid": "c58b12b6-39c1-44ba-9664-66e628915b99"
},
{
"type": "md5",
"object_relation": "md5",
"value": "913c3b34e97d59ce175470ee9505c267",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2354ed90-5ed4-4c20-8f13-ec609c01a23d"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2c3902cde5e5aace5fee811860541bfd9781508f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "270cfe3b-842c-47b3-aabb-263ecf40b550"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "a00b87cda9fe28b5d8980eeb74c1e01e0d5e75f7e7f5df01045695a2f1ef05b8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "311d39eb-0cab-47bf-afd3-3531186940da"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "0749fd86bf367c472e4f4ae368ad22761218175e185ad9f9dfa3f9f5476be2b6e28592ed6c198652fd05cc29f873114b93560b2831f6ad5a2ebdd13feefb221b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8cf662e7-a811-42fb-b830-8ce4aec3fa37"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:ClWRQxRQUz8cIsWM/MWcdjD9vmq8LsmkABYV1:yhQU1IsWycd/qLsmkV1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7956f831-ce6a-4c43-9d34-7b4e2aa9c3ac"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--387d11bb-9594-4c6d-a113-32e869d193c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:31.000Z",
"modified": "2020-10-29T17:09:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "64813e57-7de8-49ec-b9c9-b406b734e5df"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2560",
"category": "Other",
"uuid": "88379f73-686b-4fa8-a5d1-6e94bf47918e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.3240790910852",
"category": "Other",
"uuid": "970ac15b-fe53-41e5-879c-bb8c2c544a12"
},
{
"type": "md5",
"object_relation": "md5",
"value": "745d3bc689a30f4cb1ca7b563751b8b3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "87bb9b02-f7d0-4d5e-b04f-abfdceb545c2"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "9d0ce5f872a3695ca92e74514841b0e7f9093ea8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "db2a6225-bca9-4a0c-92a9-094d6413c2cc"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "876f6078e4cf21dfb3f605533fb1dbc6e75ebdc67b72b6fa84328fbc7b06bcc5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f835730a-cceb-4979-a981-686aaea853f6"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "3969ae5746a8940d97aa43fd7b142afc0332e93f9ab337136966a1cb9d49de284672ce1f5807d7ff17302e2547130ed8989039652f229a3aa5c7f790402db23b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c61ef760-1aed-4ace-a913-d10fb0007780"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:3lUhBSqe6uSkeKH6uSkeKn8888888jMuLcPmw:1IkjTk4TkhMu4Z",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0a9b1fef-9761-42f5-a3b7-1d361d198678"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--080646bb-ad2d-49d0-af0b-8b45e1a669d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:31.000Z",
"modified": "2020-10-29T17:09:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".gfids",
"category": "Other",
"uuid": "23d96e74-534e-43c2-9ae9-4e940cedd733"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "82cf5215-3b94-4647-a91a-fbd0e8be46ca"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3163272910731",
"category": "Other",
"uuid": "41f4fd74-f40e-498c-a2aa-5bd95c3ce9eb"
},
{
"type": "md5",
"object_relation": "md5",
"value": "18ce9dc21832eebc20c75a15c97067dd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f7e29e7b-2794-4c76-981e-06d0bedf93fd"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "715f4b5127b0636939445631f846b13d51143559",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3505c5b7-ff31-40c8-8814-3ee2c7294e46"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c86128ee4d0f408fe829b30926f178285b283618cf6a1d0bcc0d26253b905bfb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c4d98f89-a8ef-428c-b830-4c56fde6dfd8"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "65aa354d80721111af432d0f1426cfea8adec9e7683008f733210b1d05b9bdf5dde731ac20882db0121080779bf2091f4e2080ad3e20a3ce9eabeafb6fd267cb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8caf8a48-7001-480a-a962-b99d484699e8"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6:keAb7Joim/SlGWH/qlrQjkPalHoliWCyoXQ40+1P/n:kJWSlBHylqF4iWC5XQ40Snn",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8fe156ae-b385-42e7-bcc3-72c383f6880c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--22818e90-f9a9-4acc-8d3a-892a49138fb1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:31.000Z",
"modified": "2020-10-29T17:09:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".tls",
"category": "Other",
"uuid": "519793fb-57f9-436a-9efe-b0565e6353d3"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "81017b21-ef2c-4552-8903-748aa7204b4c"
},
{
"type": "float",
"object_relation": "entropy",
"value": "0.50325833477565",
"category": "Other",
"uuid": "4bb935a4-786c-44cf-acaa-4f9368213ce3"
},
{
"type": "md5",
"object_relation": "md5",
"value": "6bb7020411c567d010022987d099c31e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a6b8c355-89e6-4b1f-aabd-1d73b9c78ae9"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2243e258f4527b44096ada9ea0bde07d8da965f1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c5c1c81b-c60b-49fa-8db8-bc759f04280a"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "b7e16632b656ff8dfe82039d030275d178e4e012a2205b596925814aa7df0874",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4daf4024-a30a-4adf-992e-b90f7792ea7b"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "e948499a2269f607787d8617007bf1dc6af8acb495f324e951786752ad1e4c4adf5b986dcfd3142decaa18f26433a06404a21c749f1df0294d714feaf5feed70",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0edd5eb1-e5db-4e76-9289-04b0bfb47cd7"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:F:F",
"category": "Payload delivery",
"to_ids": true,
"uuid": "499e9810-3674-4dac-8c63-e99b04ccc297"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4eaa6d85-7fd1-41a2-ae7e-6e35356e62b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:32.000Z",
"modified": "2020-10-29T17:09:32.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "feec3851-74c8-4be4-aa7b-bfe5f03eb027"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "f8316991-5bd3-44a0-986a-559f1471418c"
},
{
"type": "md5",
"object_relation": "md5",
"value": "4ae71336e44bf9bf79d2752e234818a5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bbe67d40-e90d-454e-9f63-befb4ffe235c"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "e129f27c5103bc5cc44bcdf0a15e160d445066ff",
"category": "Payload delivery",
"to_ids": true,
"uuid": "54594228-6c0c-43a7-b5e4-6624e66275f2"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "19e38adc-943c-4b0f-9976-0e184661646f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27",
"category": "Payload delivery",
"to_ids": true,
"uuid": "36961dcc-8d45-4ad9-a461-f693ea084f0b"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3::",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d016e8d2-e20e-43ac-b875-03b543b6e97b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1a683a48-3a2b-4e23-9bf3-ff147f81c7c7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:09:32.000Z",
"modified": "2020-10-29T17:09:32.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "0f05c263-4f17-4efb-9984-1ecf0fc9f8fa"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "5120",
"category": "Other",
"uuid": "235b1e45-1c05-4653-b647-cbe18c868d5b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.5792252046316",
"category": "Other",
"uuid": "f9102e80-aa12-4cf3-ba3c-f2cd0754a83d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "e15d79b564ee2b18a3a5abc9bfde36aa",
"category": "Payload delivery",
"to_ids": true,
"uuid": "91bd1339-2c9e-473e-9983-87d76065cb92"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "3b6f1f23b058d48e7ad34d881735f41cc6151b48",
"category": "Payload delivery",
"to_ids": true,
"uuid": "13a6a54c-a274-441d-af00-bfe1a3aeccdc"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "0803b7bc445f44d22788d9adbcdcedc71ba3ceffe5ad4fccfac39ba65002c1dd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "08220978-2b3d-46c7-9106-6da0301ed6f9"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b9c9c21587935b9ee013b8b8643c95bed56a9a5a076af537db132d71acda4ac0d02c34b9e0044149083a69a4085e115f2311eabb3d71b080fd593dd247464c82",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bfd11d45-0a79-44a9-888f-7e0129648a47"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "96:TsB2U8zf3WznEUqv0NwgGDW53WHJHIrnHIDHH7HHPnnndnnn307wG:TsB4Qu0NtGDWwpqWnbvndnk0G",
"category": "Payload delivery",
"to_ids": true,
"uuid": "db909ab6-1a40-47bc-abbb-46af062cfa4f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5c1b581d-6404-4eaa-96c6-f3e0075bcbad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:29.000Z",
"modified": "2020-10-29T17:11:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "aa607192-4626-499c-9771-86233b4d5cbe"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "94208",
"category": "Other",
"uuid": "19b8d675-43cf-425d-8ce9-1c36217098b9"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.4101642781078",
"category": "Other",
"uuid": "3fe4037f-1935-4250-a0d9-c333199f5f9f"
},
{
"type": "md5",
"object_relation": "md5",
"value": "8628b0cf097fba619bd38b63a00f765e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b0ff8ce3-fa33-4fc5-9c7a-b57c8ce9b233"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "012e64cce9c109fa4cceda31b367cbc612d90217",
"category": "Payload delivery",
"to_ids": true,
"uuid": "704b6bcd-751e-4475-9c7e-7232cdd747c0"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "3a1db7508223187b2eb61c4833632690bfd94f02f9964885f2123c077ad3bf9e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1db2bede-16ee-4d71-a543-d7b40d751206"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "5c8c8416d4c2409d676f90b5f2acd34059a1fae146dff985409adea43803db08958efd28d438c7d0d5b42e6df573ffdfed3205cfcd56f9fc881c47c4673399ba",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7b32ff45-6cb9-4549-86a1-0f7e38a30c01"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:zRT2Q7d77gCfSveAhyXe9Me7FlVm4PerQkin5jEbM1JIqaNFZnEqo3l:zRT2QhnPSveAhyXAoNQki5j0M9l",
"category": "Payload delivery",
"to_ids": true,
"uuid": "91ace5e7-cba8-496b-9d3e-46c44d4d84fc"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--762b0e45-f3a3-4166-8b15-3a709565b2c1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:29.000Z",
"modified": "2020-10-29T17:11:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "514d8054-7224-4e6e-9fa8-af4760ba342d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "27136",
"category": "Other",
"uuid": "c772b70d-0b56-4e66-bf19-72c924110458"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.9129159222507",
"category": "Other",
"uuid": "a29f97d5-72d0-4ea2-a1b4-55e1f3961554"
},
{
"type": "md5",
"object_relation": "md5",
"value": "e22999a9929769d75082d70844d7c7a0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7ca1304f-af54-48b1-931f-f1f15f85a6e4"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "18894f7ce836606b19174184eb76948233766a8a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ceb217f9-c513-429d-9dcc-3e518cf6bf79"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "9cce729e84759dd88a8c0300d76442d2867e4df619d0ce4b8a7dc720bebd63d9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9cc4dfe5-4090-40af-b6e2-84843b6ba86c"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "25e2877febfe05947b39ae0c41f68caa45f18d59131d376555ede109adb5b4839d366439de41a98245896a01a5764548d1b7c2582c45eedc4f6aa1263dd67ec9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "20c3a877-f552-4844-89db-db92d8ca29e5"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "384:CN2LWdqX4kO17qCwC1fdzaFflxuZ1uDC8SRN2AExwzvy5P:CSQcYeF98/fb65P",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a042d966-2144-45df-8892-c2f6fd7e86c1"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ba247d9b-6233-460b-a4a2-b8e5e33db725",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:29.000Z",
"modified": "2020-10-29T17:11:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "46f7a66b-f0c4-4b6e-b0ca-bf7eb8a02ed9"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8704",
"category": "Other",
"uuid": "5d4b3675-029b-41cd-836c-3071e2d1bf67"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.2256052928237",
"category": "Other",
"uuid": "23dc3dd4-7e53-4927-8bd8-375754c96ac3"
},
{
"type": "md5",
"object_relation": "md5",
"value": "2816ac35c958df0c0df066d1e4264f4f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8f612f36-f7d7-4e96-9701-d042b9cb16f1"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "45619f6852bad9f448f208c2746b31c95fd8291e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3fd935e5-261e-49a0-848d-6f17acd78225"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "065168dfc2127cd19931a0e1d2c73b4d271b9b1717d4ab867106743ef6d8ef49",
"category": "Payload delivery",
"to_ids": true,
"uuid": "dce8098a-5f6e-41cc-8226-6c18fa9237f7"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6a16d31e84c3bc4dd1362435a3c7099fb171b17c8f1bfc4e41435e044f0f64b346f6525a333a21d7cad9a7a40e5e4b107077eff99b388f66c98aa13a822a54e0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a093f877-8b44-4972-8fe0-531d67cac19d"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "96:j3FuiBgtodYRBEmkVr+jHUhoSkb/heMlhiQL:7Fl51Zs0Ib/heMlhiI",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bdbf6612-c62a-4fb7-b6fd-e9a539781646"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d06622bc-83da-486f-a8ec-d13a099f9594",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:29.000Z",
"modified": "2020-10-29T17:11:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".pdata",
"category": "Other",
"uuid": "af43e7f4-019f-4be2-8a4b-762ff67c6cab"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "5632",
"category": "Other",
"uuid": "809a2bb7-a18e-4afc-8f0f-00f71b09ce59"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.1217357737132",
"category": "Other",
"uuid": "2aa6f58f-a509-4db5-97b1-f891eb3ab117"
},
{
"type": "md5",
"object_relation": "md5",
"value": "dac77eefc8154688c07f61f79acb6d43",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1f9dde5f-567c-40d4-9f27-8a39d1e8faa4"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "8c9bdad92f57312b18f9554d2a6f37f9af15f0b5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1a142b6e-5bd2-4b8c-8244-36e5dadf4781"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c34f816065ede3f5f70e851d85b8676710705b94674e1b4feaf210848c4a3d55",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ef8d823f-ba19-4a12-9aa5-a2e05a371ea4"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "4c73d0cb21d888bb50b7383bbd7c43e4ca634882d6e57646ed8769c0f9ded1134dda1ba178bb9881866a023e9cca8e3f97dfd0b3ebf8410984046d15e835ce29",
"category": "Payload delivery",
"to_ids": true,
"uuid": "926fca81-0829-4e33-94dd-ca3612585679"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "96:MEWeeoTZYyOirrNRGCA5c78SHZyAoIXx75ui5LCCR++JUXhkfZT6sO1UkfCGhZ8C:tZYRVx5otHcDgqi5LCP+JUhcJ6V1ffC8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3bba77f1-6765-4bca-af7a-8bc58b4e3cac"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1baf4488-d4a7-4697-96f5-adaab26fd82c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:29.000Z",
"modified": "2020-10-29T17:11:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "802c4d4b-88af-4796-a92f-eca7b65f5162"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "317440",
"category": "Other",
"uuid": "abb50d3b-3969-47f4-a408-4810b461c017"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9697842957611",
"category": "Other",
"uuid": "729c7a90-e30d-4ef8-8928-547b708c20ba"
},
{
"type": "md5",
"object_relation": "md5",
"value": "da4a462a980ab048aaccd45ffe13f085",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1b6254f7-a5ff-4615-83ac-59ca0da90857"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "c0829122a4b089010035bb7b9c3de2bf32f95f15",
"category": "Payload delivery",
"to_ids": true,
"uuid": "da14dd5f-c397-4a4a-9ade-ceea95fc3da0"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c8cc02782a3ff32f45bbdf392b1bc1f2b519aa41ea953b02f8afb890857b613d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1f889040-e82f-4d07-8c48-3680c42b8c1b"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "8a1769a1c442e00dfce0aed7520f6f5089c93f35231a7468ec75f6792e5897f313960bcb43454849908ed1a92b46e8e797f2b77060ac273e69feebe7aacf1de6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a1ea9187-a3f5-48b0-a882-d48a37a05647"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6144:uk1181pk4Me9dSqPUNPjHyOOTZtJbutWE2d7O5GwyqUAP/Rgcfe7M9/OylWjJ:uDDzPUYhbvAiwgf8WfF",
"category": "Payload delivery",
"to_ids": true,
"uuid": "86fa1dc7-6a65-4923-9ea3-6a5286718f98"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--670e5a03-ff66-4e61-8bb6-6a054d9095c9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:29.000Z",
"modified": "2020-10-29T17:11:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "4a1ebada-5451-4ec1-9cd7-0df352120e9b"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2560",
"category": "Other",
"uuid": "007fb2a7-8c60-410d-9072-f5a40e1d7da6"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3939335771088",
"category": "Other",
"uuid": "eba2df00-d162-4bbc-bb17-a3d2abd71f3f"
},
{
"type": "md5",
"object_relation": "md5",
"value": "66c57a5b73ec1b0dc9e561accc7cd1d5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "801e8c8b-d438-4469-920b-3277f12b3367"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "1acda3cdc3d026eed2f3492885fe56d0d69a4d40",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c27c9c02-0301-4218-ae5d-928aa92635b1"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "b8247eed26046f4101e3eaf3480b35b562b34a54d89fb6a6d7223b7fe16d3efd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7e2532a9-fab3-49c5-ba4b-5df6e2c5090f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "8cf040b10ec18aad20a7fbcb79bbbee0cf8cf7e9092eeb9ec82059b99d239693815241cef6fef59439d5fe82f97b4a405ac11b2d5d65a05233f0abd12d10cc1c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "98f0719a-0b3b-47dd-b69c-07394326a330"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12:EDEmlHoAIgok4nnJdEM3EMUH83/2v0vvGI1YIPPZkcnXFY/rH//A/Q3wMoXAXogp:EDEhEM3EMUH8ev0vvpnXSwMp",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a081d600-5ef2-414b-9dfe-1562a381d789"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--050c7b9c-4024-4168-85b1-f97902fe2936",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:30.000Z",
"modified": "2020-10-29T17:11:30.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "ebcd6dcb-a7e3-44b0-a4b0-a22b427e04c7"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "152064",
"category": "Other",
"uuid": "22a350f0-ca47-49aa-b02a-1ae2bd3ae9de"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.6052856838404",
"category": "Other",
"uuid": "7d28fde3-5b8c-4ee4-aa2b-5b990b5ff867"
},
{
"type": "md5",
"object_relation": "md5",
"value": "edee007de593e1861ea16ccc7896b994",
"category": "Payload delivery",
"to_ids": true,
"uuid": "90b7909d-1d22-419c-a8c5-797f7070b4a4"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ba15d5b14529d48e69b792c75a5e2805c022f581",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3b94ee8b-f3a5-45de-bae7-983dd6c5cacd"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "be905ad9e082e89616e7f463cce7e095de736f1137123217fa17a92a65fd879e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "979c1b1e-2001-46f0-973d-2d0d6e0c5e64"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "644ef58d45fa41690aa304ce17755317315cb6a5f68e978d3ef799916d20a841268d8a243e21000f15f25f23ad75f4cffc8b7dd605b133116efa82a03f937fbe",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6b408218-4ea2-4186-a91e-f24ce9dc436c"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3072:9Sff7ZHL6xD6Ww18AI7IKu3uK8HRvbMEaQlV4yOsjfC2dc6Id+usLKh84xf:ofzZHL6B9lXud8HVCu6y++nKnf",
"category": "Payload delivery",
"to_ids": true,
"uuid": "36dd5358-a933-4575-9f65-e9b10375141f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--954fee15-e83f-4f4d-9f5c-a2f8ccb3a875",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:31.000Z",
"modified": "2020-10-29T17:11:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "7f195744-59a8-4292-8e57-bcaa1cd684b6"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "31744",
"category": "Other",
"uuid": "776fd6c2-30b1-46e2-b44e-2609b49aab3f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.4091697426739",
"category": "Other",
"uuid": "da6d0644-7f97-493e-a643-64e6a6ea3b15"
},
{
"type": "md5",
"object_relation": "md5",
"value": "90c85145d202c19869bd1a5ac80b374d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "17651591-9ead-432b-80c9-2e4338cbc271"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "4cb6f10702eb9978e83fdc5abf59c96d3a9471dc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6856f538-e625-4bf4-92da-4995e03e2b48"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "84adacf982f9376f59cce36f7b9fa9bf121c025c2d1d96c356e805ef1f367df6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b361d1c3-f56a-4480-bc1a-3d4887f13938"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "1fd581de5f096583d3cb05e268b8dc12caddfa640fa92b8c0c7f6ff88ae98e569cb24d7de74749cc1fd6dd94eed4399099dfd3e91c82f65449ef2a6c03754715",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7a83feee-17cf-4e96-9202-aa4acb355807"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "768:8zS7WGQxRupzKhasWsQcdrD9vmMcESgG0utxx:8Y0upehasWfcdHHZox",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2f07e0a3-8951-4261-aa78-c1e206377683"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0f22fabc-a2d0-4eef-84f4-660448755f0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:31.000Z",
"modified": "2020-10-29T17:11:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "a82eaa6a-c9fe-44b6-8d4d-f599abee622e"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2560",
"category": "Other",
"uuid": "72d77f88-a4f2-44fc-aa77-dea98331ba1f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.2540053613635",
"category": "Other",
"uuid": "90d0fd64-d9bb-4294-92a8-aa255d51d979"
},
{
"type": "md5",
"object_relation": "md5",
"value": "2457774d56190d412f14388f33ec8d96",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a990fbac-2db6-4efd-822d-613229eb7e06"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "a719f436f5a6800255ebc58c102daf5df595ae8a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "032bb116-08e2-4c3f-bd72-6c6b85b5c8df"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "95087c98db9b51b386f0f84238a3fb6ecc4866446dda14a24e2cea9e0f7ec94f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b532e9d4-f4b5-4ceb-a025-db7dd3f4c295"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "bb37e6c93c4869f086cfafeccc10d6f311420e2e9edf9ba69660fd162fdbc60f90af7caf414428f8195b88c3498b3b7ffc9e90aad02aa7137c7d9b26e713035d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6b6e90e3-ada9-4ada-87ab-5fbcb6e05cd6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:QUakj6uSkeKv6uSkeK8hBSqlhhhhhhIlaqADiLau:QbkjTk4TkvkShhhhhhIlX5Lau",
"category": "Payload delivery",
"to_ids": true,
"uuid": "83ce75ae-f8d0-419e-a6f3-fc6d2a5cf793"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--970305b9-a8e2-4c41-b13e-baedc1fcb2d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:31.000Z",
"modified": "2020-10-29T17:11:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "216f30bb-7f67-4ace-8475-684ca4aa1680"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "4ab7eb2a-42a9-4c78-9b74-f1806f6da191"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.8758109283269",
"category": "Other",
"uuid": "a67dde5c-fa8b-4ad9-b509-d9b43735719f"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f3e6202957c64cde0b282dd98e1540a9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3bc5f1aa-12d4-46ad-9cd9-43a1e164dfcd"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2ba824e365c566f035a8d8beb848a24f53b1c042",
"category": "Payload delivery",
"to_ids": true,
"uuid": "941f27b2-b305-4871-b9cd-3511b97589d0"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "71331d65af96c12f7fbe7a0accfd16eee2a8a51c6cc64988c90f73c60ec0ac0b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "49ccf64b-e650-4c21-b916-c11b736fd0f7"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b6640410dfd80eb0a3164034150f782ee61099101ee33649b2bd825fea9889c47950e2dc4a2a26ac363e907f8b6e12be7efcc2e4d8aa69d546547800a5d07e96",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2c69e8d3-1bbf-4d2c-99ed-4ee821d8b145"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6:Mf7wtxM3iSnjUglRu9TbX+A1WBRu9TNNSTfUTdNciW7N2x8RTdN9TIHC:Mf7wtxM3iSnRuV1aMN2U5Nci62xA5NEC",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fd3d9517-915e-4cc3-a486-b21b4f1453d9"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dabfb04d-bde6-45e7-ac84-2682f064aabd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-10-29T17:11:31.000Z",
"modified": "2020-10-29T17:11:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "8d1a3a66-0ff9-46a2-ad91-030a1c1b0053"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "6144",
"category": "Other",
"uuid": "4b11a043-d6df-4fe5-b83d-e864cbb12b22"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.6473789608356",
"category": "Other",
"uuid": "906b2fb5-a171-4337-9f22-758c17aac2bb"
},
{
"type": "md5",
"object_relation": "md5",
"value": "bf78a1b65ef4e25cffa0cbd72af0e3b7",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8dcc1a2a-6b53-4b90-b407-4bb1bacb43e5"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "cafee546a66223bbc32bb9e1883ac477512e4b07",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b41567fe-e332-4c58-8ccb-011474d923f9"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "d70774a79851ac7ce413ed5dc4f5c9ca86b6eea09983540abc62ccabfc3e094f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "48c625b2-af6a-427c-8dd8-ea0a58d43ee3"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "0a676dfebc7d14de83e38bbb0b7dded5c525e1f4056cddad4b1a81ccbb8d00954aa43f07bd830834f39bab1336a298f33589c9e55675bbfd14a3479fd97f0c57",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4770e563-a7a2-42e5-9458-d5784ce5d6d7"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "96:5VyDjQLs2CXEu+vhyYEN59aOCHyFSyee6cz8idTXKsYMbXpZ3pjPH7HH2nnndnnJ:6DMgRIhyYENbaOCSF1J8C3XTVvbWndnJ",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bcc83d0b-7121-4dcf-abff-c09ad635b3d0"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}