adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/63a9a6fa-f518-4591-9dbe-d0bb0f0ea588.json

598 lines
356 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--63a9a6fa-f518-4591-9dbe-d0bb0f0ea588",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:36:14.000Z",
"modified": "2022-06-01T07:36:14.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--63a9a6fa-f518-4591-9dbe-d0bb0f0ea588",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:36:14.000Z",
"modified": "2022-06-01T07:36:14.000Z",
"name": "OSINT - First Exploitation of Follina Seen in the Wild",
"published": "2022-06-01T07:36:23Z",
"object_refs": [
"x-misp-object--720e9bd3-147a-4de6-8f78-3cebf19df900",
"indicator--f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67",
"indicator--cea43a63-c963-41d3-8dac-32db1eda6861",
"x-misp-object--637c4f30-117e-41ba-a877-a5c4e8c07198",
"x-misp-object--39168d95-f1fc-4c13-ac90-4ac6e39b3fc8",
"indicator--3e847331-3f8d-4bb4-9196-5454be6c274b",
"x-misp-object--03018ef9-6f30-4e0b-b7ec-315e4f471929",
"x-misp-object--70b7a5e1-3b48-4f49-ad9f-1a60606e5020",
"indicator--3f1d303a-8c58-42cd-899e-2c722f79d97d",
"indicator--7d7e3ed7-667f-4adf-8f35-e5ede8dd8924",
"indicator--54301995-d1c3-4473-a555-4c3b6b96a95c",
"x-misp-object--a6a4523b-bbc4-4ef1-9a20-79ccdfe72438",
"x-misp-object--b06c9bdf-72de-482c-b286-a5324007a390",
"x-misp-object--861a5640-fd98-4d32-a63d-ad22fa5d1bbf",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"relationship--9a00cc75-e21a-4ec3-ac99-ab543120c228"
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--720e9bd3-147a-4de6-8f78-3cebf19df900",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:18:31.000Z",
"modified": "2022-06-01T07:18:31.000Z",
"labels": [
"misp:name=\"report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "link",
"value": "https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/",
"category": "External analysis",
"uuid": "150bbd51-422e-4cae-b403-ccee6a59e9ce"
},
{
"type": "text",
"object_relation": "summary",
"value": "For a few days, \"Follina\" is generating a lot of noise on the Internet, check our yesterday diary[1] about this new vulnerability if you need more details. It was time to hunt for some samples. For this purpose, I created a simple YARA rule on VT:",
"category": "Other",
"uuid": "99038964-fa61-49fd-b511-38cb23687a8b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:18:13.000Z",
"modified": "2022-06-01T07:18:13.000Z",
"name": "hunt_0day_msdt",
"pattern": "import \\\\\"vt\\\\\"\r\nrule hunt_0day_msdt\r\n{\r\n strings:\r\n $s1 = \\\\\"!\\\\\\\\\" TargetMode=\\\\\\\\\"External\\\\\\\\\"/>\\\\\" nocase wide ascii\r\n condition:\r\n new_file and all of ($s*) and vt.metadata.file_type == vt.FileType.DOCX\r\n}",
"pattern_type": "yara",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2022-06-01T07:18:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "misc"
}
],
"labels": [
"misp:name=\"yara\"",
"misp:meta-category=\"misc\"",
"misp:to_ids=\"True\""
],
"x_misp_context": "all"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cea43a63-c963-41d3-8dac-32db1eda6861",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:20:48.000Z",
"modified": "2022-06-01T07:20:48.000Z",
"pattern": "[file:hashes.MD5 = 'ca322dd565f02d6d8c374e220cf8078e' AND file:hashes.SHA1 = 'e07a5ab133d0e22fbb0a434653bf50a851031001' AND file:hashes.SHA256 = '3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a' AND file:hashes.SHA512 = '758766ecedc738e0b5a4c2778691e8ea28911a93fd0dc79095119af00f94bc9fe6f14eeb9a39f1cc979b3054f408a562a9d262b93c52135aa22abb173ea18a4e' AND file:hashes.SSDEEP = '6144:XS1Y14+vsB/IaggtLnFNvM75DmPYvdP1BGIi2:XS1V1IRgtLnLqcwv1v' AND file:name = '3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a' AND file:size = '245248' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAJg6wVS5QjUU+agDAAC+AwAgABwAY2EzMjJkZDU2NWYwMmQ2ZDhjMzc0ZTIyMGNmODA3OGVVVAkAA1ATl2JQE5didXgLAAEEIQAAAAQhAAAAtaB5ovaUefVNDtO2AVSAwkY7KwjXtrhUJvoOIx6YhH7Lu8D/xYPtpdTo1ThsTimZom1HPyVHTyzoB69YqK1WHFTD+4OkFXGgSMZmKVoiGqxmuI7y+nfZsdNJYdkLn2CN77TC3iuzVCjp88KgZRUbmZymFIeRzJlVwiD1E6PwFHzTIXmaUElPLYQpAdjCYvNtNjD+XHnKFsh0QNWstptrSDAyq4azdXKrzVYXUi6NWWYZquSTKismNrcBLJRXJl6SC1S+eu20hzrc7oBDRjfvOMf4bhEiZxqL+9GdwKjbNLTnMPe0B1xpP3dKSpwMOk7GCMzVE0CeCwDffeR9x2KktjRmgvm1gBeDXlIyPOblbfCvzcJL6gXCwCz0IdAjm6kgXteXcJvshuiTwOHlqROrInoIkQRndnuv/X7HVEYnk6hgsGKQE41ue1ogkldUptTG7zEBaLNxpqCKOfF4ryzfb4JZXTBXKGYvzLUhAqCrSIeWatlt99iOlZ2I5/jA7wQ3zspgbPLSuHVXA8PZjt9MFRT05V44M3VYVdV4T2Ar4opqcIxtFOREY6DF4RW7omgxMCOLUmNZpUa5slvtHyefhzengaipkUyoN+ePUp9S7JZPf+s7NB7nGAgkMFem2oYyU3SRDuKbczGGGJMYKhymjG1F+hIL28L+8bm9qdt/nxH4CVNhxbXJXDr5D7pH+jkAc4tAGP2Fl9c59TTilnuKlw+vChmUR1qJG1ChSXGy6AeOOBkUJeze+yS6t9CgW1uX8zzhtsL2uecjBGdR6uftOc5QwNeRhsxN1gWTU+weH+VFjYyhdgwk7M9M5RzTo1XcL7CIR7+KpskJBDVkV+9Oj4AivBtrc+TzFHPGG9WIW4UIujEhGlAVtow+uxTQ55kqUYSVQCPf1qGW7h+3jYV5PMzWsI+4QTmBZ60qHwp7I5An+YFrtEVIJvx3Ms6U2FSIo+ktgSbWpjlyOJuNu3hP2wA1j5eNKls3DpAW95xWw1WNKUU1QDK1eDYamZHU4ccrtrA0Vtk1nL1f/KxuP7It/lceqBp19qfW7qE3cQgXBJlXX0bBevyQmM2cTVIWpTN2nIk2M6p/K0IhJDEzTXm6shMahlQRQAg+U8KK5YGIsZs76Wh4gNwl8gKaPYR8c5GBYLDl18Q1qie2XvcnXlYR150paX8bZqXkvsHxV7O6rXrIjqAjHuMC2dtSRcsdsjTvoQ/aJvG6D3ZXbDIaTzLpTwz9ivNI5NlXRW7MbSUdBScewL+r1r9sxDzgMdGv8bAb/7j9dGvdEFyvn2Mc5Bd5hhCcDdKG00iwLJyWqQiSR0K3UIgIzQ5I1JL1p28whAFXYk7S4XWWY0d63uuAYbfjhecNuo0weAO5C6MYJEwz6t3ekQD3TzHVEC9AjDSyx6/RxokYmrHyH87ofDoCkELJdTX4mkuTvmonndJ2l7wQ/kxUtndorbsx519JQPzZ7+/ic++VqtaWaQFhnjR99polTZDbODASaM0dmPtPFLv1EcLwo+IQK6EQvhA81PxXIlNNnxX4n9z0opfG9toYsOpVr46a5j9/8BbJK3jpjJHaTi9zCcDP7Ekb6DJexdjcuVyUZPiyhl1DUJdLHy99jjoyTPt4f/mf1qlUgXwuTgDeuBMAE+erTSlMKhSyCLKqp1Rbcyud0wAe3HW8ITxh9vY2D1P5JTSjgszdcqkTLtwbcua1te1RLMfuBcrWNbLvjQqbKx5Xpg0EZ4KrEtlBWinpuz13hMjujrGMbLEiIfds05ITts5NogzbTex/4H3YDGXKlz8gZaik4IVneAgf3aZeMWw1RFhq7wvPxBtkh/FNY/pwCM6RA2KRi6qGIdG6lR2EAevRwlyVew7Wq+C9R62LyFAiXN7aWlg1Z19spJ5K+yv8F7hCLjQ5ilU2pSDap0R06ubWZPx/qGPEBTbwyzZ6KY4uS73kCSGpTm8LgWtfWCTWj5ZsMk/11Y51OnZdENCtX9yet4wV6IuUCKlj+vNzpLN7/8wIToGA4XiLIIKO99L1ThEcqz3Y8sAei7+ZhrseQmjgBSAfkZeYMdyA3INQvsZ2z1UmrLHovpMSNwtThaOKgy/7TTIQ92kWiUhBDICZwiWaLNL8H3hUGkToHb2nZ4KN2Z7FLDjNeA2JPKovQzt5mJflKs6WFtPxyS2Ifn9XV2zyOWxhYYRYZmTz92NKhWPWu9NQ29FoQ+hapDkAD4/t90xi/X18LF5o6JmpuMuHfuNUALs+VmOc7C/T4x/7FoT6bJu4NF94gVbhULajHSsIsxQTdOWzYE45NelH9ARKdexXHxeXOwwQCjDd8kJbJRwNwdgX+Eg7fTaAJg+mTfjFK1tr5so6M36gwxtgtKsnNrPm9xlFqVRJwXIyT0cQ+uZq7TdvsL0FMaB/er5eBxVh1kCiwpQlKoWsA/p0AaJEYOK8kQtiPthAqEHvmNtu3AjqxzXLRKd6pPl4bY/ERAxzYCtjweVfh/WaGhHI5DTsyKj/9jBYHljQHECvItLAoaCVYkxJDk9jpe4bJFDfdCLeZiw69KGapXSdWRxJ/ehXiKhSdSQviMbWZYcD4EUG4qm+WHso9BVRY+KZZmKkh71K20tmeyPw9ai0vCgf03rzxgcfeEcZe7V5Vex9us2VKYRImxti4VMeK9+fhSiRK/VmCmbQch5Hqz+YkP9C61HmLsiQNP0n4WHyUCmGZA+njghFdHkj8d8CT/PZJ7UOIAvupl1b4fBlqJnxuQ24CJj1QXXkeD+Zz+eDZJ8RyEhfLM0ZVdN1N5M1kq3D4gbmWpMjFU79LHJxfMbPXcjT/7kg0G8iipgz/G4LE/prLeP+HgJAbHjf3+8yBQj/aF8fdeTO7B3h5DAf35uieUc0j5dn14fHto1F6nYtb1z/jeLHQNp4ZN+dY1iHuNCSQU+iY6rxZYw4mSMCbXWMSsHZXwkAFJw5JrhSNBqQgs2VsW2kZQyThkO2benQR3TmaTzC+UfaPgERnENkVagnpx/AM4m4GeHilv5sNgV3SmzigS33InkAXrU2ogiuL37kXzEt/wEHZ++sPSZCYhmSAtYuCplR9J9cgWLPgrTXm4irQcDDy39Eo3FA/mR9IjloU93y2iAMxz7f0dAvzzathlggTHGVgs5SdMZRwDFETlhC4lFjHAUUqZGTA7goVBWlI9gbuNYZqraCjQxucB0u8EI1znd4aaB/UN8YsMmkEfgouPWoQ6JIsno5kG01Ypnw7RHG0ZPTzs+uMAWNL48I6uGcz3/sjFdkorwx2yuaqcocRuhZE3zYyrLoUIic4m9PhmGWsTpfa2Y+WDfoJVL5sOvGnnWDp58xIDDFzlLod8ashF1lq
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-06-01T07:20:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--637c4f30-117e-41ba-a877-a5c4e8c07198",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:21:17.000Z",
"modified": "2022-06-01T07:21:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/file/3206fe87e2874db37239d64779c1f504cfca528cef8f5c2214f8434b392aa25a",
"category": "External analysis",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "6b759205-b220-44bc-9f7c-1c9c1aa1a7a9"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/69",
"category": "Other",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "62a92f71-6d70-4b7e-a18a-6dc2aafef36d"
}
],
"x_misp_comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--39168d95-f1fc-4c13-ac90-4ac6e39b3fc8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:21:17.000Z",
"modified": "2022-06-01T07:21:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/url/01230a4cfe6238655e83d3185a7837282020336d2a35f58c664f094cfdf8fd55",
"category": "External analysis",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "53e13c68-a552-4c6d-ac14-1b43c7ca2e1b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/94",
"category": "Other",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "894db7ab-ff00-43ce-a09c-2af414ebd6a2"
}
],
"x_misp_comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3e847331-3f8d-4bb4-9196-5454be6c274b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:21:17.000Z",
"modified": "2022-06-01T07:21:17.000Z",
"description": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"pattern": "[url:value = 'http://coolrat.xyz/Client.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-06-01T07:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"url\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--03018ef9-6f30-4e0b-b7ec-315e4f471929",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:21:17.000Z",
"modified": "2022-06-01T07:21:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/gui/ip_address/20.62.24.77",
"category": "External analysis",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "8678c2a5-54a0-4fa3-a6ce-05aa133f7247"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "0/91",
"category": "Other",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "48a0da86-7e46-403b-893a-959bdd2a580d"
}
],
"x_misp_comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--70b7a5e1-3b48-4f49-ad9f-1a60606e5020",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:22:05.000Z",
"modified": "2022-06-01T07:22:05.000Z",
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "ip-dst",
"object_relation": "ip",
"value": "20.62.24.77",
"category": "Network activity",
"comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"uuid": "4646e8b5-325c-49f9-b7f3-787341b30184"
}
],
"x_misp_comment": "e07a5ab133d0e22fbb0a434653bf50a851031001: Enriched via the virustotal module",
"x_misp_meta_category": "network",
"x_misp_name": "domain-ip"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f1d303a-8c58-42cd-899e-2c722f79d97d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:31:17.000Z",
"modified": "2022-06-01T07:31:17.000Z",
"pattern": "[domain-name:value = 'coolrat.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-06-01T07:31:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d7e3ed7-667f-4adf-8f35-e5ede8dd8924",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:32:36.000Z",
"modified": "2022-06-01T07:32:36.000Z",
"pattern": "[file:hashes.MD5 = '14aff46aaffbad783974ba819dba6e41' AND file:hashes.SHA1 = '56951a72b332163d916046dd9c38e402f0ccd470' AND file:hashes.SHA256 = 'fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc' AND file:hashes.SHA512 = '09edc30dbd5b21890ede1cfc7884a89a926635fcd11a4bda1a4823c3b26dc007d64506cbf8519f7cfdf49fdbaf801d88c95a77c01bf90b486992bb7051281cf0' AND file:hashes.SSDEEP = '192:om8jmiDKgJrYd6aZzAY+ptQoMMMMMMMMMMMMMMMMMMMMMMMo0BM0lkbt3YBMgupR:H89D/VS3+Pf4PKb8wy+C1S3hcXSbX' AND file:name = 'fc6a9b001b8b07437b221d70343259d51a6ec580c625be1648e3f6acf09146fc' AND file:size = '15218' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIABI8wVT8K67GMCsAAHI7AAAgABwAMTRhZmY0NmFhZmZiYWQ3ODM5NzRiYTgxOWRiYTZlNDFVVAkAAxQWl2IUFpdidXgLAAEEIQAAAAQhAAAAvr78b/a7vz07jvd6NaQfuYkll0aF9PqgJ3NFgGzoos3TkSF8ItgusEDofB+VwfRBkzKxPSntLOYwIh7YFmR34ONhwn2sey6xd8RbDB25ycmIyV1CVNkWHw/2OGFdo0qNLKcHNc6GUj8jtyITlt2aEgYFogFW1pdpTWMQJ8nbyIJ2/sUx/L5j2G3CfreMCMfdnNqn7fPQvZWHFZAfU1QrczYKgGImVBo3ZA7hlRNRp40EQCHQvFyozy6/LYKtdhLe2RfUCAAEug0Avjj5Qc+JoC4oLd7aN5yLsaxwFhwoasRc32vf1YGY5xyIZcYLGLpd41nm4TmyO8EgmRhOvygsmwq9SrJE2EnYsw6gLL9OWRv745KXmukDCzLW0MH7VlfhIgflOSuIZoA8SEecqdhGP+5GGZmHH5bpbl6/Y4IjmCUelyFSc6zblRr81GNXoWxz3umUdNNmx/RIMC06kVu7P6G3BcakjzvUDH5FpdCvbQ4V6VZcaSNRcP1Nkzlw4MmhlHpN7Hr+djEVXTEATF9w9lLCeeZfpVtfmLlilNhjltKVvqSWborJQ8+9/MGPeL0USOk2PDigdVrhgj7cR6A8bc3XDfOrvfsGApz+f+qUVIz5das0Raz9jme2roc9V0hBXzdp1Cb5gsVEU/h0J+N3N9bj+Cz8upqhuVqmB+MfFOrqG8lQ1lgdCieNOnY6/L9M9yCVMCX1MxUOMp2EU5BcjyxTwgbLsgJqBHh7qtfieRmDoNhh2uyDciRfSGsIpJ92b5hf5pFKcXxL1lpbdg7W7Rb08WOCgktWPbLoxT2CAuNN92BGR2eIwZDjPU9D4Y7ptLr5WiTJNIBmH44NVUr3RK33AOSINjSXV3Pi/VIuyha34RL9+pRrjH0sc52hO8sUWFdQmWPxLE/Jem7u2TC5yB5dm9OAD2y2AL9HW/ks76yYes/f4PkacWy8POROke21Umu4jy0x07bVgqKCA8iriIcNseZe3dN5Q3EFt+qZvz280YKWqOS9LWTVgcOgdcoyhO/xxdVHoWhLTs4ilejcm7YOttc06VMtKxCZyQ1aVcVBG2CLlae6WWNxNqrv8ljZQdsQDHNVEfLNFqjhgCbm+cfXOKGkmc1gL+qg7e2RRigRPNOlhL2ZXDTmGgMN0TbM7H8cgvrcxcd9rQv9AvEVAC6KlCx/L/mQWHAaLD8cAKt1Oc+mcatpUseVP+kl7U9VKLaNg/vdiosLt3MwfzcFDSvbZXt4jf8QABp3sT8v2DOS2mEVPd1NIBKTKlGdK0e9Of+ifD8P2RsSA/ossOC+JDOasmz1r2rIZ5WV8cI0lE/I5lQc6hW1gnWKbweW9mKWg1LwkjgPLbxADBo9UwnB2UV2Y2QLgjzCmuNhBP/JaBvUggAZ08Qf9WolqQiR7PS63sWVE26otpo7YOx2xMinBGtOuZ/31qao77zB250P2EasItuZSisA5Gf3RJY1Et33WvkBHyHPChtUJSy30KmpJs7ADwjvHNIGndaM2/rbnX47t62mDzsOYx1bUvn5Ey3z/IgbcwtE/CRM1upY9YEovW5ajxooPeZgQHX6Qmf7K1lWkNDPxdTrVtMEGQsWFRkSyIZR7QzIPh/pW8299oO9P/16ETQYkeGjksz9sVB1e7LIrhvkpAlF0n7lb1iYf2Wn/aJWm51vxUVtmftZrYlaeKYt2tM826Rqv1bs8NmTK54MIZaXZL1N02fpwhq3GNXGmlknwd141+NI/NAbox1CkfbDV2axs9S8BB+xxV2KZ5EIMt0OyRvvM40KJgeA/kiy+y8ECMutcRaTvJ8b8YBoXDyN/Gz+fITrqcjzUUcFBj0jja0dYSyqP371z6wkc8praD0cNHKmh4VQ6n/C+XcPhp1CxcGzmGZEUFdQWe6MdoVQGXdZhqHlmf6iY+1D1kKxVoLVLEALK7y0eBxb/0mpL1s0QTJ+0VZRzzLpyK+EWGW63FZcEvqtpjYLW3Nuh0xeKSapD18+fgjxAFye3jBIwNKG+EPFmDPMU5fQ3bvAMHeoDfLbKGK5B2THbLtSlKnqcsHkpibuoUd/J5+MRjaNusNvSG2NOBonnLM8X0H/bTSR3CAOwOoxAo86YIHFQpT0PHW7FbzM8CoiYHsoHqyX3Ev9qGsiGiuMbSooYjuUpgcvvKDs754bXCbA9sg3PM63tgD2nmzGyUPYqCtT89u9NJ6fQBgPlH+7jxSh0mmj+Um4CtiRsEZ72ts1KSpmAAgfe2Un7qs+jUqr1pfdy/zHYDqFJNQjYiS8K+lEN5hjDeupl7lEKPe++Nc3tkDQ531xFbX6KFHAL63CR/y1MNqwG0CI01e2qwNYEbSCORdoPQpfkpiiaQxzGTECQBwtSOW8SlVl/4wH09ac27k5mU0qDb5YBrn/qEClmUT7ZC9YLpsZSFURcS8sJs+pMRoZPIjRwOjSu3yputQp7+BaJmUi/rCpbZItHyfoP2Dchh0sKesT5vElI2+OFStl/6OaodtNbrx7C6qWbHIIwc/xqWvaKZIVkzWfLqeP9fV4x2hIWuATpkE9ls7K0m5AADXISKbRDLGHz1jBFqY7Y1NI7enacbkXHI/mQZluZQwOamx3DV7g5i/VxEyBiLkius869ZAwTKvr6Uk0SNviNPtIqd2SAZGRxJZcV/4egyoZEwEzLhZmkjHR8I1Dsy7Lhs1ydeI/Q8otffsdeEvZiHkdXoWmqqro4MIqS7Cp4waMMYs0sAw5MNblfRacAkAHjU9AKCunRp64rHTxnFxnDTBMQwEWtK0pyeTb8d73Mw/aHe6VQV9NAAMwEJV0nuE5caWhABilb7XHJ7pwgJyOyThfGkJJ+eHrVJZHOCjCgbefx2KIxgd8Bw2Kvg4IDq52rUGJKcL+kmN26XT+qbXT3C7RZomo5CQeIrCLpxt9ZE7WyGsINlxFIOG2Q/Q/3dH8a2zcCgYhIaRz8z7yeo5ME9nQRxF7UW4TrXvbVGUczJ41KGl3nApmv97u+/MGxsRiGvAO1d69kStnoHKFNvHD3cWhu2IrDPh93g2i5PgBCeHtUDQX4slURP0i7nuAJJbXD9iURsmlAanJEy4LBu5z3ShG0MflCQQ7/gJU/1mihgl2Nx2Z3poGzrghUBFySu3ks4bXcY/4eg2ksFvsqiq+ET/SxnGVW9ZLhL2Q1KZmXHQ/uVFfqP5eI44ic8yjdw5vEWWkKx8kvoThWiZzgpOOOQV7l6rTfbQEXq9LKqBXbgXhdz3gyEbEDDEUwb4lvsYfdkhF4qrwxe6KxhMMNp/9I1DbhsUptk2p3j5Q0nJ/LgWIsSDZMlmdYvSE7
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-06-01T07:32:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54301995-d1c3-4473-a555-4c3b6b96a95c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:20:48.000Z",
"modified": "2022-06-01T07:20:48.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '3' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '4212166' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2062-12-15T16:16:38+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'ssapyb.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'ssapyb.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'ssapyb' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '000004b0' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'ssapyb' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '1.0.0.0' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00a9 2022']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2022-06-01T07:20:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a6a4523b-bbc4-4ef1-9a20-79ccdfe72438",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:20:48.000Z",
"modified": "2022-06-01T07:20:48.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "3354703e-1b68-4e69-b23b-b0f5fd24ab1e"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "242688",
"category": "Other",
"uuid": "47061638-cfb5-48d1-af10-b3cab39ccf40"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.986983162408",
"category": "Other",
"uuid": "e6861033-625c-4206-b251-86af6e752cfe"
},
{
"type": "md5",
"object_relation": "md5",
"value": "748d499d87e7ad7fa3ed3b009047819e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "eb8773ff-d849-4c4e-81a9-afc42d4ae5aa"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "6d9480e53cd193a4fb367bb4c8c5488f6ae23e49",
"category": "Payload delivery",
"to_ids": true,
"uuid": "47263e16-ba87-4f86-af47-f6abe08d2faf"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c0983e2f5fb8af3705f3d15ca5088851268b45f19d8b3af233074577fecd05f2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "11aea04e-ba3e-4cc6-8e5c-597f22a4b4cd"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "ab376927339bccceafb2319943488eafdbeabe5d7fadce124cd533fb800fc35e968541ee748ff3d5c00dbfadd13cf6bf4bf324179cb66487751183d8bb89dc60",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4bdac1ac-ba7c-4a51-861a-be39feeb5b4f"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6144:oS1Y14+vsB/IaggtLnFNvM75DmPYvdP1BGIi20:oS1V1IRgtLnLqcwv1v0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b75a1e0c-c396-4174-803c-06641e730e28"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b06c9bdf-72de-482c-b286-a5324007a390",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:20:48.000Z",
"modified": "2022-06-01T07:20:48.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "97587851-4f4f-4ac8-b11b-7acae7bb3380"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "b1bfb102-44ab-4700-9749-618ea1ca7642"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.2376045113149",
"category": "Other",
"uuid": "5e539db7-3265-4524-aae9-fb77de740b91"
},
{
"type": "md5",
"object_relation": "md5",
"value": "addbcfbd8863440f69633bc4d4174cc9",
"category": "Payload delivery",
"to_ids": true,
"uuid": "227afaec-8a65-4097-9595-afcc6e4969f7"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "e228889c7d51e9c460ec7105076384374c8d111e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fa2eaa25-49a8-4297-97ef-54d44aaf1c78"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "1d5012ef474c7c47eaa5a32c2742914774858a0ca1e1a2cace8267c599f9d3ab",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6d50239a-eba0-4e8c-9490-29ed7f5a3ea5"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "fa4d75afd981d76a68327bcce8e91b6aac7f8bab4af1724c8dfc3754d5ab56ff7b2b3fdcc69a23cb7af0b58a2c36b00f1ee3a9a815d484689345f45b47da6791",
"category": "Payload delivery",
"to_ids": true,
"uuid": "214583fa-da7d-496d-a9de-e33874192a78"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "24:1RXs10ytDM4ZhNLAXCzh3f3EPN8q79pdtj+lEbNFjMyi06:1ZsFto4lLzh3vEF7FpfbNtmD",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0778abde-4334-4b02-8f3a-93aae4b883f3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--861a5640-fd98-4d32-a63d-ad22fa5d1bbf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2022-06-01T07:20:48.000Z",
"modified": "2022-06-01T07:20:48.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "90ca6422-327c-4fbe-b56f-9d097c09c9b7"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "386f289b-ce6e-4fbd-9d18-cb41f3c4ee4d"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.5849625007212",
"category": "Other",
"uuid": "222edd98-6550-4f94-9a15-eede00fcdabd"
},
{
"type": "md5",
"object_relation": "md5",
"value": "941e632f8bdd05b1ce847314e9665e5e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2b018411-ebd5-441e-bf7f-161962ce4f6b"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "b04baf4c43bf9e82a7973578d0a6fe2923274fb4",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9c4ef189-d4f9-4686-8cf0-437e66389f34"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "2dc1777a724b8e416807779ab80c3fd747ecf0b53f1335e2d74a8c30337b69f0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9986d7d9-7f4d-4f87-ac41-83ac6212460e"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b934d6b5ab72156d37c4e1a461de4f21fb7bd21f1cc06ae0396e4272b99b10fc179caeb864a5346829ffee322bddcf8b57071b8f1401f1a1a8bea5d651268370",
"category": "Payload delivery",
"to_ids": true,
"uuid": "039f5eb0-c022-45cf-8e7a-b7a569353152"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3:7llGl:Sl",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9e6b26bc-38ce-4215-9f55-c759d14d713c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--9a00cc75-e21a-4ec3-ac99-ab543120c228",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2022-06-01T07:18:31.000Z",
"modified": "2022-06-01T07:18:31.000Z",
"relationship_type": "references",
"source_ref": "x-misp-object--720e9bd3-147a-4de6-8f78-3cebf19df900",
"target_ref": "indicator--f02c6f09-7ff7-4ac1-a87c-d5c3ee629c67"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink