{ "type": "bundle", "id": "bundle--5b3b7b62-5728-4980-937b-40240acd0835", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:39:23.000Z", "modified": "2018-07-03T13:39:23.000Z", "name": "Synovus Financial", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b3b7b62-5728-4980-937b-40240acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:39:23.000Z", "modified": "2018-07-03T13:39:23.000Z", "name": "Clipboard CryptoCoin Hijacker", "published": "2018-07-03T13:39:51Z", "object_refs": [ "indicator--5b3b7bda-702c-45b3-831a-024a0acd0835", "indicator--5b3b7bda-c67c-4e90-8a40-024a0acd0835", "indicator--5b3b7bda-6d70-4225-b6ad-024a0acd0835", "indicator--5b3b7bda-e698-4e7c-86fa-024a0acd0835", "indicator--5b3b7bda-cbb0-4075-9c70-024a0acd0835", "indicator--5b3b7bda-2b64-42b1-b364-024a0acd0835", "indicator--5b3b7bda-5fe0-459b-8a68-024a0acd0835", "indicator--5b3b7bda-fcec-4230-94ba-024a0acd0835", "indicator--5b3b7bda-d310-4dcb-be70-024a0acd0835", "indicator--5b3b7bda-cb08-43c7-a5aa-024a0acd0835", "indicator--5b3b7bdb-fe10-4c9d-af40-024a0acd0835", "observed-data--5b3b7bf5-c840-40dd-ac6d-28b70acd0835", "windows-registry-key--5b3b7bf5-c840-40dd-ac6d-28b70acd0835", "observed-data--5b3b7bf5-f378-43e3-b6f5-28b70acd0835", "windows-registry-key--5b3b7bf5-f378-43e3-b6f5-28b70acd0835", "observed-data--5b3b7bf5-0998-428e-b04f-28b70acd0835", "windows-registry-key--5b3b7bf5-0998-428e-b04f-28b70acd0835", "observed-data--5b3b7bf5-1978-4c09-995a-28b70acd0835", "windows-registry-key--5b3b7bf5-1978-4c09-995a-28b70acd0835", "observed-data--5b3b7bf5-2764-426d-998b-28b70acd0835", "windows-registry-key--5b3b7bf5-2764-426d-998b-28b70acd0835", "observed-data--5b3b7bf5-3294-4b11-92e1-28b70acd0835", "windows-registry-key--5b3b7bf5-3294-4b11-92e1-28b70acd0835", "observed-data--5b3b7bf5-4788-4c49-9e44-28b70acd0835", "windows-registry-key--5b3b7bf5-4788-4c49-9e44-28b70acd0835", "observed-data--5b3b7bf5-4ed0-48e1-98be-28b70acd0835", "windows-registry-key--5b3b7bf5-4ed0-48e1-98be-28b70acd0835", "observed-data--5b3b7bf5-5230-4d33-bb44-28b70acd0835", "windows-registry-key--5b3b7bf5-5230-4d33-bb44-28b70acd0835", "observed-data--5b3b7bf5-4e24-4424-bf77-28b70acd0835", "windows-registry-key--5b3b7bf5-4e24-4424-bf77-28b70acd0835", "observed-data--5b3b7bf5-5e68-475b-bb2f-28b70acd0835", "windows-registry-key--5b3b7bf5-5e68-475b-bb2f-28b70acd0835", "observed-data--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835", "windows-registry-key--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835", "observed-data--5b3b7bf5-7464-428d-bd37-28b70acd0835", "windows-registry-key--5b3b7bf5-7464-428d-bd37-28b70acd0835", "observed-data--5b3b7bf5-93e4-4134-8ab3-28b70acd0835", "windows-registry-key--5b3b7bf5-93e4-4134-8ab3-28b70acd0835", "observed-data--5b3b7bf5-a6e4-4316-a19e-28b70acd0835", "windows-registry-key--5b3b7bf5-a6e4-4316-a19e-28b70acd0835", "observed-data--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835", "windows-registry-key--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835", "observed-data--5b3b7bf5-b768-43cb-8995-28b70acd0835", "windows-registry-key--5b3b7bf5-b768-43cb-8995-28b70acd0835", "observed-data--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835", "windows-registry-key--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835", "observed-data--5b3b7bf5-fa50-44a7-b755-28b70acd0835", "windows-registry-key--5b3b7bf5-fa50-44a7-b755-28b70acd0835", "observed-data--5b3b7c72-4be0-49cf-94eb-28b50acd0835", "url--5b3b7c72-4be0-49cf-94eb-28b50acd0835" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-702c-45b3-831a-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Megasync.exe/allradio_4.27_portable.exe", "pattern": "[file:hashes.SHA256 = '9d891048dddda8a65de966c71f81464b20e402766aaee8a284da8d25c98270bd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-c67c-4e90-8a40-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Clipboard CryptoCoin Hijacker, d3dx11_31.dll", "pattern": "[file:hashes.SHA256 = '48b66dd02a336eb049a784b3fd1beb5312fb8c078b3729d49e92e3e986c98e91']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-6d70-4225-b6ad-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Logger.exe", "pattern": "[file:hashes.SHA256 = '0cc32e6e6a407b2b69e1d89b3f005eecc54e238104725dcdcc8d3fc09c109bb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-e698-4e7c-86fa-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Injected miner", "pattern": "[file:hashes.SHA256 = 'cf8ef10678e63ffd02a5a35c84461d0195e0eed234bf9328eede52f3bef0e5f7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-cbb0-4075-9c70-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Hidden Service", "pattern": "[file:hashes.SHA256 = '2e23ab52259e45eaced300811a6d6795db719b029d06b08ca7bac7d86cc289ad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-2b64-42b1-b364-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Satamon.exe", "pattern": "[file:hashes.SHA256 = '2c3eae980a88e7bb6a91f2b466856f612f34b8a37fac46bbbb52c0af0e695488']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-5fe0-459b-8a68-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "pattern": "[file:hashes.SHA256 = 'ffdc286711557df5f0bfd6a96744e93633d13fe45c02c240d5d6cf7531b21847']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"", "Adware" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-fcec-4230-94ba-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "pattern": "[file:hashes.SHA256 = '20bdef6e68bbec5ddeb7b893a9b4f387adbf2ee304963e905d98116a57334a41']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"", "Adware" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-d310-4dcb-be70-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Temp downloader", "pattern": "[file:hashes.SHA256 = 'acf810c7bb3961fd42f5925fcd4417cb812eb6fdaad00c98830c522d54c7f6eb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bda-cb08-43c7-a5aa-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:26.000Z", "modified": "2018-07-03T13:36:26.000Z", "description": "Temp downloader", "pattern": "[file:hashes.SHA256 = '084d4811c47a5dc36df59bfaf477e1f0bf3a9b3901877de1d1548c3343d1e4d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5b3b7bdb-fe10-4c9d-af40-024a0acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:27.000Z", "modified": "2018-07-03T13:36:27.000Z", "description": "Temp downloader", "pattern": "[file:hashes.SHA256 = 'ea92702d5fe168a57ccf5abbe6b9f5eca25f039e111db4b010183aa6909c38d2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-07-03T13:36:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-c840-40dd-ac6d-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-c840-40dd-ac6d-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-c840-40dd-ac6d-28b70acd0835", "key": "HKCU\\Software\\All-Radio" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-f378-43e3-b6f5-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-f378-43e3-b6f5-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-f378-43e3-b6f5-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-0998-428e-b04f-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-0998-428e-b04f-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-0998-428e-b04f-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\TimeStamp\t914BE45509E88CBE12C9C147B92F8928" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-1978-4c09-995a-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-1978-4c09-995a-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-1978-4c09-995a-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\CurrentLanguage\tEnglish" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-2764-426d-998b-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-2764-426d-998b-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-2764-426d-998b-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\skin name\tCold" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-3294-4b11-92e1-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-3294-4b11-92e1-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-3294-4b11-92e1-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\color\t0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-4788-4c49-9e44-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-4788-4c49-9e44-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-4788-4c49-9e44-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\saturation\t0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-4ed0-48e1-98be-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-4ed0-48e1-98be-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-4ed0-48e1-98be-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\use skin\t1" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-5230-4d33-bb44-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-5230-4d33-bb44-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-5230-4d33-bb44-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\CurrentServer\thttp://www.radioserver2.com/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-4e24-4424-bf77-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-4e24-4424-bf77-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-4e24-4424-bf77-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\ServersCount\t8" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-5e68-475b-bb2f-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-5e68-475b-bb2f-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-5e68-475b-bb2f-28b70acd0835", "key": "HKCU\\Software\\All-Radio\\Settings\\resize\t1" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-5ea8-4f33-8ddf-28b70acd0835", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\agwpyjho\t\"%USERPROFILE%\\gidulfmf.exe\"" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-7464-428d-bd37-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-7464-428d-bd37-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-7464-428d-bd37-28b70acd0835", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\DirectX 11\trundll32 %Temp%\\d3dx11_31.dll,includes_func_runnded" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-93e4-4134-8ab3-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-93e4-4134-8ab3-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-93e4-4134-8ab3-28b70acd0835", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-a6e4-4316-a19e-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-a6e4-4316-a19e-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-a6e4-4316-a19e-28b70acd0835", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\Path\t\\Opera scheduled Autoupdate 1427321617" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-b5fc-41d6-b3a7-28b70acd0835", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\Hash\tBINARY SIZE=32 MD5=5520F781167B06815EF8BD54DD186F9C" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-b768-43cb-8995-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-b768-43cb-8995-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-b768-43cb-8995-28b70acd0835", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\Triggers\tBINARY SIZE=352 MD5=83356B89B15EAB067435487A7B92FDBE" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-d9a4-40e4-b86f-28b70acd0835", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E50B01A9-6717-4321-B6C1-3444E35D4419}\\DynamicInfo\tBINARY SIZE=28 MD5=3068A03846DFF3649992C32FBA75E688" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7bf5-fa50-44a7-b755-28b70acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:36:53.000Z", "modified": "2018-07-03T13:36:53.000Z", "first_observed": "2018-07-03T13:36:53Z", "last_observed": "2018-07-03T13:36:53Z", "number_observed": 1, "object_refs": [ "windows-registry-key--5b3b7bf5-fa50-44a7-b755-28b70acd0835" ], "labels": [ "misp:type=\"regkey\"", "misp:category=\"Persistence mechanism\"" ] }, { "type": "windows-registry-key", "spec_version": "2.1", "id": "windows-registry-key--5b3b7bf5-fa50-44a7-b755-28b70acd0835", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\%WINDIR%\\SysWOW64\\kqgzitry\t0" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b3b7c72-4be0-49cf-94eb-28b50acd0835", "created_by_ref": "identity--5a68c02d-959c-4c8a-a571-0dcac0a8060a", "created": "2018-07-03T13:39:06.000Z", "modified": "2018-07-03T13:39:06.000Z", "first_observed": "2018-07-03T13:39:06Z", "last_observed": "2018-07-03T13:39:06Z", "number_observed": 1, "object_refs": [ "url--5b3b7c72-4be0-49cf-94eb-28b50acd0835" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b3b7c72-4be0-49cf-94eb-28b50acd0835", "value": "https://www.bleepingcomputer.com/news/security/all-radio-427-portable-cant-be-removed-then-your-pc-is-severely-infected/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }