misp-circl-feed/feeds/circl/stix-2.1/5b265497-b458-4c11-a57c-45db02de0b81.json


{
"type": "bundle",
"id": "bundle--5b265497-b458-4c11-a57c-45db02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:46:47.000Z",
"modified": "2018-06-17T12:46:47.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b265497-b458-4c11-a57c-45db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:46:47.000Z",
"modified": "2018-06-17T12:46:47.000Z",
"name": "Malware Analysis Report (AR18-165A) MAR-10135536-12 \u2013 North Korean Trojan: TYPEFRAME",
"published": "2018-06-17T13:00:35Z",
"object_refs": [
"indicator--eb2fc06f-a0a1-4f4a-bea3-adab040d70ff",
"indicator--7c86a82b-ba54-4ff1-8705-e11f3f7141e7",
"indicator--7ee15758-a1b1-430e-9c0d-99de31050d3f",
"indicator--2735b91e-6dfa-4588-a0d6-28fb8d167d7e",
"indicator--0987500d-f42e-44f8-95fc-d18c1b1093af",
"indicator--7b0d562b-47d2-442d-b783-db5287da59ac",
"indicator--e4484d7e-0ce1-4aaf-860d-dbbdb89e6aca",
"observed-data--5b2655ca-0590-41e5-aeec-6a6d02de0b81",
"url--5b2655ca-0590-41e5-aeec-6a6d02de0b81",
"x-misp-attribute--5b26563a-5330-43de-aac3-6a6202de0b81",
"x-misp-attribute--5b26569b-4d24-4f80-bfbc-170302de0b81",
"observed-data--5b265834-3cb0-4d59-a792-6a6d02de0b81",
"url--5b265834-3cb0-4d59-a792-6a6d02de0b81",
"x-misp-object--967ce91b-c8b4-42df-9f74-9e1ac6affd08",
"x-misp-object--0dbb16a9-0269-4682-a179-1d6891ff30b1",
"x-misp-object--ff95cbea-219e-4242-9f7d-a2d16a013a7b",
"x-misp-object--fd483ddd-cdc3-4296-8a89-c467247ede98",
"x-misp-object--7f5198c2-fd93-4401-80fa-e24b6a99bb3c",
"x-misp-object--345a90a3-5de7-44a1-8a57-a1a8999a1af5",
"x-misp-object--b94caa3a-5603-431b-8822-cca2a4ffa678",
"x-misp-object--bfc7f514-369a-40a2-9462-95c6228df9a4",
"x-misp-object--d9231a73-1ae1-4e99-877c-e6080aef6fd5",
"x-misp-object--e60aa2a5-bc11-4df9-9241-defe23af60a1",
"x-misp-object--ba4427c1-fc81-40e9-a10b-d14a0a20711d",
"x-misp-object--ac98153a-ec7f-4c54-b563-7917339cee04",
"x-misp-object--4afa330b-5bde-4778-b833-ba0ccdf53b67",
"x-misp-object--98db396b-fa79-441a-9ac6-f5c4b8ce4709",
"x-misp-object--331a2fb4-3f10-45ca-89c9-60cf96c9205f",
"x-misp-object--2c6f9016-4377-447f-84df-ddc4c2d59f35",
"x-misp-object--bd2613b3-ef57-4c37-9e55-26e51493ba3a",
"x-misp-object--16c183f2-2c3f-4304-ad99-9e19c2323ee0",
"x-misp-object--8a65ff90-3aad-4da9-a4be-b8b4a08878d2",
"indicator--1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0",
"indicator--c2593c36-69f5-4c43-9fcc-b335d606d569",
"indicator--35046b12-4171-4598-ab66-f6c536f03862",
"indicator--36c77c19-8523-4fc0-b1c7-a37fc417137f",
"indicator--137d6815-4196-433f-a8be-1fe04add3a5f",
"indicator--a84b8d9c-0175-411b-8b89-fc0ac709df56",
"indicator--f94d3e39-27ea-4214-bb44-c25505dc2326",
"indicator--d5b3a29b-484d-4619-b358-e8850a30e3a0",
"indicator--a13cfa83-8fb9-47f5-8bda-430bce2e0f7a",
"x-misp-object--8359531b-5e0a-4fdc-828d-d3901560fe58",
"x-misp-object--46e93d08-06fb-49ee-a465-b8680a4b04ae",
"x-misp-object--2543f106-3d8f-4855-a306-1f505ae9ee34",
"x-misp-object--8d81a602-68f0-470f-8eb3-3422ad8929fb",
"x-misp-object--1cc483ce-fc42-4c80-af86-6024c10f69f6",
"x-misp-object--0eb4a04f-9699-4e92-88a0-4a4dec688885",
"x-misp-object--5899141a-5be5-42de-90af-1e471b7b1d7c",
"x-misp-object--450c3377-2c9b-4b69-8381-f51dfe41f149",
"x-misp-object--3a9a5628-14e1-4f29-8722-93e142a93add",
"x-misp-object--f11af508-fb9e-49a3-a5ef-ed176fa9057b",
"x-misp-object--8b080900-6adf-4dd5-a3e3-470c719f6041",
"x-misp-object--0d3fcd9f-6a98-4566-b99c-941cf97a58c0",
"x-misp-object--15a888e0-c1b1-46cf-a341-32de4f623862",
"indicator--fc5663b5-c080-45b4-a405-147ca8570626",
"indicator--79461c6c-5900-4ecf-90f0-6157212636dd",
"indicator--206825c8-1f31-4ae3-be07-5cb1b63e98a1",
"indicator--0522e8ab-595b-46fd-b97c-bded45adfd05",
"indicator--cffd2eaa-1a45-40de-b9d1-aa6999601750",
"indicator--14dfc596-3c8f-4d1e-8194-56873bf809f0",
"indicator--c56a8843-6462-4e48-9354-ff3cea9b393c",
"x-misp-object--7dd632d5-39a8-491a-80cc-c163755c56db",
"x-misp-object--c22f54ef-0428-4b7e-aab1-c0ba1b6259ea",
"x-misp-object--be6d670d-923a-411a-97db-bf73901abf56",
"x-misp-object--b8e7aa5e-5681-4393-8581-a207f6651129",
"x-misp-object--2e3d47fa-ccc7-4549-8005-9d0b2481219a",
"x-misp-object--81c54539-acd4-4f39-981f-2c07d8e783df",
"x-misp-object--6a9e84ce-dc0b-48a5-a1b3-a70f871f6a08",
"x-misp-object--510ac6ad-b6d5-4be7-9a51-0ad210190eff",
"x-misp-object--f127c64b-bf6c-4448-a66f-b455d9f0a695",
"x-misp-object--72f0a63e-d53f-423b-b762-096a7f70ba1c",
"x-misp-object--33e578e5-10bc-4442-9737-ff332c9c2bbd",
"x-misp-object--d54ec2e8-330d-496a-bd90-c388db285a90",
"x-misp-object--cad943d1-b772-45d8-8cd1-7e3fde522cf7",
"x-misp-object--c07156a8-22b8-4496-9173-632a17da707a",
"x-misp-object--4d0aac8e-a228-4186-9626-37b23b6e06a3",
"x-misp-object--d25a50ab-2499-4d07-9ea8-d8db37a2a9ec",
"x-misp-object--43459484-03b7-4d3a-a023-d25e2950b7c6",
"x-misp-object--612783c6-7d6a-4f3b-999b-804d7dc94585",
"x-misp-object--017ac5c4-1f99-40ea-9b0e-845d1536894d",
"x-misp-object--938b67a4-6ddb-4390-8ba5-11137948a333",
"x-misp-object--2071bf37-4d11-4e1c-8a09-222cc01f3222",
"x-misp-object--5cea7400-2394-4125-a49b-64c020a3b2bf",
"x-misp-object--93c1fd93-dc41-40fa-8489-d2e820dcf54d",
"x-misp-object--fc5536a3-c1a4-4d19-aa3c-537ae72c0e37",
"x-misp-object--77a11458-9cba-4925-9e68-d34ffb6eb580",
"x-misp-object--d2bf0fa0-fd39-439c-ad04-c4b74103d928",
"x-misp-object--a68ac63a-c404-4f51-b5c3-a08c64b8c812",
"x-misp-object--9ed27605-49ae-4ddf-99b5-323110f08166",
"x-misp-object--c5188fa1-89e6-4034-b190-37d19d99693b",
"x-misp-object--bc1321a7-4ee5-4a27-8740-e98e3790543e",
"x-misp-object--6b9a35c8-f016-45f0-bc54-230462e36f3f",
"x-misp-object--368a60f3-4114-4f9e-ac30-8a6c4c3a15ec",
"x-misp-object--a615573c-e5d7-49d8-8f56-16b59a758b42",
"x-misp-object--e9f573b5-0f08-42d6-a8d2-c1078df73115",
"x-misp-object--3a947450-55ac-48b9-b46c-0b9e70a58cc0",
"x-misp-object--05aff0ac-857c-43b1-af37-a038cca8201b",
"x-misp-object--7a6e023e-973d-41da-ba8d-5817f5198428",
"x-misp-object--ff32b7ff-42ae-4b3d-acff-dcd99fb25eaf",
"x-misp-object--68f21999-9b07-41fc-9aac-8132f5dfb0c3",
"x-misp-object--a4f99cb3-f450-4b2e-8455-07dfe9e41cb0",
"x-misp-object--9acc8d38-4f15-4bf6-9c63-71613aaebbf7",
"x-misp-object--b6cd05be-e718-4b54-a890-ed1dd88697cb",
"x-misp-object--83c72de8-db0e-4c7d-8ea1-3236b485a86f",
"x-misp-object--014c32e7-b639-4a57-a5fb-18309fec2133",
"x-misp-object--b25804d1-5a0a-42f2-b5ad-0c01925ca1c7",
"x-misp-object--b31db49a-0a64-46f6-bf92-7d6d35eb8dfb",
"x-misp-object--2fbfd808-3ed1-4578-8a89-e0aa5d57a8b6",
"x-misp-object--9a97fc45-451c-4aee-8940-4a554ebf286f",
"x-misp-object--1d79df64-ad7a-4189-a107-1d2f27e8202c",
"x-misp-object--b4d6cf82-abf9-40ea-8adf-884cac0b7dca",
"x-misp-object--1b2178c0-7302-4bf6-a196-e7088086d1e7",
"x-misp-object--f6bf304a-cd3f-4bf4-8731-e4ad2e85c5c6",
"x-misp-object--245d12e0-fda7-41de-935c-5fc5208ea77a",
"x-misp-object--a5bf7615-9482-49f6-9959-55010346971f",
"x-misp-object--e20e89de-dedb-4493-9f39-d19bca906c68",
"x-misp-object--a640c76e-6b15-4f46-bb4a-3c41a62700c5",
"x-misp-object--940a978d-4e70-4357-a7c1-2e1a9e80b784",
"x-misp-object--fe2d8b67-f422-4335-be73-542f40ee8559",
"x-misp-object--c11a828a-e1d5-4299-9329-7908ca5aeea8",
"x-misp-object--f5d96ec9-8867-4032-8088-5c539234665c",
"x-misp-object--90eb0a08-a0d8-49c6-8ec7-dccc20d06199",
"x-misp-object--073bfabc-0580-4fde-8659-c3854029937d",
"x-misp-object--e5f2a5b2-f9b6-4536-8068-1e610b0a5b17",
"x-misp-object--592953b3-0474-4ad1-8942-757124e30a99",
"x-misp-object--d4bf7b4c-7f49-46cd-94a6-c12dc5a471eb",
"x-misp-object--3a63168f-d604-46d2-80c0-d24afea4639b",
"x-misp-object--c8df1989-af8f-49db-838c-ef2f8bb96eb5",
"x-misp-object--81962a81-10c7-4f4d-ba8b-b9df3d5d741d",
"x-misp-object--0f3b61d8-1fdd-408b-9710-61e6e3a05220",
"x-misp-object--5690876b-7f5b-4032-bb10-3f690b1ce2cd",
"x-misp-object--05809cc2-e217-49db-a128-b8b63d1b5171",
"x-misp-object--58af18ac-7fad-4504-85de-90947ece0028",
"x-misp-object--75cd1bef-0d6e-4c7f-bc48-293403212159",
"x-misp-object--e1eb04f2-bccb-4dd0-9f93-a1f2ccb4e650",
"x-misp-object--5ddcf5da-400b-4bad-b4f3-9dd0708a6644",
"x-misp-object--52d6ebd2-4ad3-44c5-9029-ccbff450c8b7",
"x-misp-object--59e02386-d00c-417d-b9c1-7a1dce691aad",
"x-misp-object--dee24e7d-32ac-427d-a6be-952cf291e5f6",
"relationship--9f9e2094-5ce3-4181-bb65-4ec625516faf",
"relationship--4571ae32-c759-4b07-a8d7-6e6314e3e254",
"relationship--75b5a86a-bf7d-4c4e-9d3a-209b0a25814c",
"relationship--289328c5-25c2-413e-a454-570a890bd059",
"relationship--f8e4934e-1210-4fd6-8ab1-8f2facc167a3",
"relationship--31473915-bd20-47b1-bf59-0b348e5d678d",
"relationship--5042adca-c7d4-45b0-9e88-b5fe10021849",
"relationship--0b339351-2483-424d-ac85-64ab07064f2e",
"relationship--89f11649-c4ed-4847-8856-873c26b416d4",
"relationship--992eaa29-f029-4690-9214-45bdd0b7ce25",
"relationship--b08174a4-98d4-4e4e-923f-8c5ebd2fea27"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"Lazarus Group\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb2fc06f-a0a1-4f4a-bea3-adab040d70ff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.119.19.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7c86a82b-ba54-4ff1-8705-e11f3f7141e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.101.211.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7ee15758-a1b1-430e-9c0d-99de31050d3f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.90.93.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2735b91e-6dfa-4588-a0d6-28fb8d167d7e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.207.78.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0987500d-f42e-44f8-95fc-d18c1b1093af",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.91.118.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7b0d562b-47d2-442d-b783-db5287da59ac",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.0.213.173']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e4484d7e-0ce1-4aaf-860d-dbbdb89e6aca",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:48.000Z",
"modified": "2018-06-17T12:33:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.107.209.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b2655ca-0590-41e5-aeec-6a6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:36:26.000Z",
"modified": "2018-06-17T12:36:26.000Z",
"first_observed": "2018-06-17T12:36:26Z",
"last_observed": "2018-06-17T12:36:26Z",
"number_observed": 1,
"object_refs": [
"url--5b2655ca-0590-41e5-aeec-6a6d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b2655ca-0590-41e5-aeec-6a6d02de0b81",
"value": "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b26563a-5330-43de-aac3-6a6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:38:18.000Z",
"modified": "2018-06-17T12:38:18.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "This Malware Analysis Report (MAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant is known as TYPEFRAME. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.\r\n\r\nDHS and FBI are distributing this MAR to enable network defense and reduce exposure to North Korean government malicious cyber activity.\r\n\r\nThis MAR includes malware descriptions related to HIDDEN COBRA, suggested response actions and recommended mitigation techniques. Users and administrators should flag activity associated with the malware, report the activity to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.\r\n\r\nThis malware report contains analysis of 11 malware samples consisting of 32-bit and 64-bit Windows executable files and a malicious Microsoft Word document that contains Visual Basic for Applications (VBA) macros. These files have the capability to download and install malware, install proxy and Remote Access Trojans (RATs), connect to command and control (C2) servers to receive additional instructions, and modify the victim's firewall to allow incoming connections."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b26569b-4d24-4f80-bfbc-170302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:39:55.000Z",
"modified": "2018-06-17T12:39:55.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "(from CIRCL)\r\nSTIX import of https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-12_WHITE_stix.xml with additional expansions and information from the website (as the original STIX file does not include the metadata)."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b265834-3cb0-4d59-a792-6a6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:46:44.000Z",
"modified": "2018-06-17T12:46:44.000Z",
"first_observed": "2018-06-17T12:46:44Z",
"last_observed": "2018-06-17T12:46:44Z",
"number_observed": 1,
"object_refs": [
"url--5b265834-3cb0-4d59-a792-6a6d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b265834-3cb0-4d59-a792-6a6d02de0b81",
"value": "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536-12_WHITE_stix.xml"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--967ce91b-c8b4-42df-9f74-9e1ac6affd08",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:22.000Z",
"modified": "2018-06-17T12:31:22.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0dbb16a9-0269-4682-a179-1d6891ff30b1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:24.000Z",
"modified": "2018-06-17T12:31:24.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ff95cbea-219e-4242-9f7d-a2d16a013a7b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:25.000Z",
"modified": "2018-06-17T12:31:25.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fd483ddd-cdc3-4296-8a89-c467247ede98",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:26.000Z",
"modified": "2018-06-17T12:31:26.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7f5198c2-fd93-4401-80fa-e24b6a99bb3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:28.000Z",
"modified": "2018-06-17T12:31:28.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--345a90a3-5de7-44a1-8a57-a1a8999a1af5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:29.000Z",
"modified": "2018-06-17T12:31:29.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b94caa3a-5603-431b-8822-cca2a4ffa678",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:30.000Z",
"modified": "2018-06-17T12:31:30.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bfc7f514-369a-40a2-9462-95c6228df9a4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:32.000Z",
"modified": "2018-06-17T12:31:32.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d9231a73-1ae1-4e99-877c-e6080aef6fd5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:33.000Z",
"modified": "2018-06-17T12:31:33.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e60aa2a5-bc11-4df9-9241-defe23af60a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:35.000Z",
"modified": "2018-06-17T12:31:35.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ba4427c1-fc81-40e9-a10b-d14a0a20711d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:36.000Z",
"modified": "2018-06-17T12:31:36.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ac98153a-ec7f-4c54-b563-7917339cee04",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:37.000Z",
"modified": "2018-06-17T12:31:37.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4afa330b-5bde-4778-b833-ba0ccdf53b67",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:39.000Z",
"modified": "2018-06-17T12:31:39.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--98db396b-fa79-441a-9ac6-f5c4b8ce4709",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:41.000Z",
"modified": "2018-06-17T12:31:41.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--331a2fb4-3f10-45ca-89c9-60cf96c9205f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:47.000Z",
"modified": "2018-06-17T12:31:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2c6f9016-4377-447f-84df-ddc4c2d59f35",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:53.000Z",
"modified": "2018-06-17T12:31:53.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bd2613b3-ef57-4c37-9e55-26e51493ba3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:58.000Z",
"modified": "2018-06-17T12:31:58.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--16c183f2-2c3f-4304-ad99-9e19c2323ee0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:04.000Z",
"modified": "2018-06-17T12:32:04.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8a65ff90-3aad-4da9-a4be-b8b4a08878d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:40:48.000Z",
"modified": "2018-06-17T12:40:48.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:17.000Z",
"modified": "2018-06-17T12:32:17.000Z",
"pattern": "[file:hashes.MD5 = 'bf474b8acd55380b1169bb949d60e9e4' AND file:hashes.SHA1 = 'c60c18fc0226a53be15637ee3ef0b73b0dabd854' AND file:hashes.SHA256 = 'd1d490866d4a4d29306f0d9300bffc1450c41bb8fd62371d29672bf9f747bf92' AND file:hashes.SHA512 = '46995cf3516c160d2f4fa5957c8c67df75f2768b24562b22de46a5d4ef7ba17fecaef2ad900bc6925e0c4284802864361423653154ad0622af18d049fb0419be' AND file:hashes.SSDEEP = '12288:G+3/oi/EpRsV97/8Olq3p8YNk5oYEeLxCStEowZVKmZag:Gmoi/EpRsV9S3prgomLE9oVmQg' AND file:name = 'BF474B8ACD55380B1169BB949D60E9E4' AND file:size = '466241' AND file:x_misp_mimetype = 'PE32 executable (GUI) Intel 80386, for MS Windows' AND file:x_misp_entropy = '7.760001']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2593c36-69f5-4c43-9fcc-b335d606d569",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:23.000Z",
"modified": "2018-06-17T12:32:23.000Z",
"pattern": "[file:hashes.MD5 = 'ca67f84d5a4ac1459934128442c53b03' AND file:hashes.SHA1 = 'f4eb6a50c60320edafb3e48c612c6a55560d0684' AND file:hashes.SHA256 = '40ef57ca2a617f5d24ac624339ba2027b6cf301c28684bf8b2075fc7a2e95116' AND file:hashes.SHA512 = '4695cf69e2ae52fc94eab31cbc3bb846022a3e1516d9bc293118f674ea1eb86468cff0a4c0dee8dff8a2d545df153116e8d86669513426e1b32a205041339e45' AND file:hashes.SSDEEP = '12288:drrF4D0d2QKPIyWE8QPnWnGHiS2VcL2ZotSNfpV532/dlZ:x6IGnWntQ2ZvfpvmdlZ' AND file:name = 'CA67F84D5A4AC1459934128442C53B03' AND file:size = '778240' AND file:x_misp_mimetype = 'PE32 executable (DLL) (GUI) Intel 80386, for MS Windows' AND file:x_misp_entropy = '6.710797']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--35046b12-4171-4598-ab66-f6c536f03862",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:30.000Z",
"modified": "2018-06-17T12:32:30.000Z",
"pattern": "[file:hashes.MD5 = '6ab301fc3296e1ceb140bf5d294894c5' AND file:hashes.SHA1 = '8d62498656db928f987b47bdbcfab5d6032be48a' AND file:hashes.SHA256 = '546dbd370a40c8e46f9b599a414f25000eec5ae6b3e046a035fe6e6cd5d874e1' AND file:hashes.SHA512 = '3abd7a690d821ace78d8f5e2394f0922308963c7ba8ee63661e9cdb2e36fe8353904346b4b0457c6ace3071505533187d62a41d47473a6a9680cab7fca209ceb' AND file:hashes.SSDEEP = '3072:JdHh7xVwMPRTxXX0bqkmvA7XKmJLiSi3Ix1DKXrlTNEsuFFCeojbmUkGVcNP+:17xVrxxn0PrWiv8hLnS+' AND file:name = '6AB301FC3296E1CEB140BF5D294894C5' AND file:size = '259584' AND file:x_misp_mimetype = 'PE32+ executable (DLL) (GUI) x86-64, for MS Windows' AND file:x_misp_entropy = '5.918488']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36c77c19-8523-4fc0-b1c7-a37fc417137f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:40:48.000Z",
"modified": "2018-06-17T12:40:48.000Z",
"pattern": "[file:hashes.MD5 = '77b50bb476a85a7aa30c962a389838aa' AND file:hashes.SHA1 = 'df466a1f473c7c5eba5f22d90822fd1430b6a244' AND file:hashes.SHA256 = '3c809a10106990ba93ec0ed3b63ec8558414c6680f6187066b1aacd4d8c58210' AND file:hashes.SHA512 = '33b78e0bc8832958b79292bfebffe32c03b59b92044bb95331ee384f7061f6724c7d10bcf17ee1395dbd437b225c0813ba4bc5de6ef44f4bdd9ee58e446ad143' AND file:hashes.SSDEEP = '3072:sPhrkoI8QYJRMs4y5pe+/a5sN5t4+PXP:Mi/lqpe+/0sa' AND file:name = 'java.exe' AND file:size = '118784' AND file:x_misp_mimetype = 'PE32 executable (GUI) Intel 80386, for MS Windows' AND file:x_misp_entropy = '5.880053']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:40:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--137d6815-4196-433f-a8be-1fe04add3a5f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:35.000Z",
"modified": "2018-06-17T12:32:35.000Z",
"pattern": "[file:hashes.MD5 = '3229a6cea658b1b3ca5ca9ad7b40d8d4' AND file:hashes.SHA1 = '70730e608e2fcc68ce468ed148e965c5bacfb51c' AND file:hashes.SHA256 = '4bd7d801d7ce3fe9c2928dbc834b296e934473f5bbcc9a1fd18af5ebd43192cd' AND file:hashes.SHA512 = 'ff385a9446415412950562cca832eab1d17de56932f3633a86202dea829e8bd25e56864306f2e6c8bb7ff7d2cfe2785acc4261410e38348946baf72d4a0696de' AND file:hashes.SSDEEP = '12288:sh+81FiNloAzjMXJ1NPeZ3eMNZtF7fHRRAug0EX7:W1FiNWEYxeV3NfHDe' AND file:name = '3229A6CEA658B1B3CA5CA9AD7B40D8D4' AND file:size = '712192' AND file:x_misp_mimetype = 'Composite Document File V2 Document, Little Endian, O\\\\%WINDIR\\\\%\\\\ Version 6.2, Code page: 949, Author: ISkyISea, Template: Normal, Last Saved By: ISkyISea, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 17:00, Create Time/Date: Mon Apr 3 18:36:00 2017, Last Saved Time/Date: Thu Apr 6 00:34:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0' AND file:x_misp_entropy = '5.446016']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a84b8d9c-0175-411b-8b89-fc0ac709df56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:44.000Z",
"modified": "2018-06-17T12:32:44.000Z",
"pattern": "[file:hashes.MD5 = 'bfb41bc0c3856aa0a81a5256b7b8da51' AND file:hashes.SHA1 = 'cb96e29332fe94d1a70309837f73daf7bec81284' AND file:hashes.SHA256 = 'c9e3b83d77ce93cc1d70b22e967f049b13515c88572aa78e0a838103e5478777' AND file:hashes.SHA512 = '37223163a329ffa7b77a9190aab1da5fbf38c6d76139591d592d695e5caa81b56f6d3769540e2781c87a29de3d39e5e9c8ee70bd9ed6a0bee040917f530bc11a' AND file:hashes.SSDEEP = '12288:jxn1kOPTkEjkHsnCrYHM46QyFgHj+u1XC1GbA/UXAfAGZI3PWM+:jxn1kOLkEQHsYYDdD+u1HbA/Uw47/L+' AND file:name = 'BFB41BC0C3856AA0A81A5256B7B8DA51' AND file:size = '578174' AND file:x_misp_mimetype = 'PE32+ executable (GUI) x86-64, for MS Windows' AND file:x_misp_entropy = '7.848313']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f94d3e39-27ea-4214-bb44-c25505dc2326",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:46.000Z",
"modified": "2018-06-17T12:32:46.000Z",
"pattern": "[file:hashes.MD5 = '9722bc9e0efb4214116066d1ff14094c' AND file:hashes.SHA1 = '41a938499048a6ad8034d09e2fbb893da8f13ca9' AND file:hashes.SHA256 = 'e088c3a0b0f466df5329d9a66ff618de3d468d8a5981715303babb1452631eef' AND file:hashes.SHA512 = '8470c240868441093314ebe263028ceef61d900b41aaeed77fd934edf81b9a75f6c96d0fccc0ac87364c8e23e0b8eb19ec8bcd47daf1d50c1182be999475fc4c' AND file:hashes.SSDEEP = '12288:nqU713B5hV7rJIBBAVbyjRbjSbdSYJ3raxt7o6qRBpDwQmnQ2bqPjD+PmCNVGsPf:nRxJIB7hSZSG37jo/GsPepCdOwy' AND file:name = 'dwnhost.dll' AND file:size = '1030144' AND file:x_misp_mimetype = 'PE32+ executable (DLL) (GUI) x86-64, for MS Windows' AND file:x_misp_entropy = '6.424883']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d5b3a29b-484d-4619-b358-e8850a30e3a0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:52.000Z",
"modified": "2018-06-17T12:32:52.000Z",
"pattern": "[file:hashes.MD5 = 'ef9db20ab0eebf0b7c55af4ec0b7bced' AND file:hashes.SHA1 = '0202942d11c994cece943bb873f3af156d820f59' AND file:hashes.SHA256 = '20abb95114de946da7595438e9edf0bf39c85ba8512709db7d5532d37d73bd64' AND file:hashes.SHA512 = '85fa80079c59da83e3b2471eab0d2981c92b6c589cbe5052bf438831ae464e6499040ead68d6bc9929edd9f6c08ecc6abf2a0173e31bd361a24fad89ff1f7064' AND file:hashes.SSDEEP = '3072:qocqUTuIzXblpGxqSDBiiBmLEEjdTIf3TIb9Qw/uAZyerrPabYlQ:qJqUnXKxqSAiBJyTC3TIb9QRL0lQ' AND file:name = 'EF9DB20AB0EEBF0B7C55AF4EC0B7BCED' AND file:size = '152064' AND file:x_misp_mimetype = 'PE32+ executable (GUI) x86-64, for MS Windows' AND file:x_misp_entropy = '6.269643']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a13cfa83-8fb9-47f5-8bda-430bce2e0f7a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"pattern": "[file:hashes.MD5 = '1c53e7269fe9d84c6df0a25ba59b822c' AND file:hashes.SHA1 = 'b775d753671133cbc4919764d2fac0d298166b07' AND file:hashes.SHA256 = '201c7cd10a2bd50dde0948d14c3c7a0732955c908a3392aee3d08b94470c9d33' AND file:hashes.SHA512 = '3d3883b9b29e264d023b7034d980b7c206c9fc82010bf7f5f1dc454fdbd316830fe69e90579406a74afc1fca8e266d10c1b46784bd661dcb2815e370a68acd32' AND file:hashes.SSDEEP = '1536:EaMa/KVyD4hv6LLETuA1x+sh2iE1s44tz4qoWYUwnZ7hUOC2:G8YPZ6LLqQFX4tz4quxY' AND file:name = '1C53E7269FE9D84C6DF0A25BA59B822C' AND file:size = '126976' AND file:x_misp_mimetype = 'PE32 executable (DLL) (GUI) Intel 80386, for MS Windows' AND file:x_misp_entropy = '6.024087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8359531b-5e0a-4fdc-828d-d3901560fe58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--46e93d08-06fb-49ee-a465-b8680a4b04ae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2543f106-3d8f-4855-a306-1f505ae9ee34",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d81a602-68f0-470f-8eb3-3422ad8929fb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1cc483ce-fc42-4c80-af86-6024c10f69f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0eb4a04f-9699-4e92-88a0-4a4dec688885",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5899141a-5be5-42de-90af-1e471b7b1d7c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--450c3377-2c9b-4b69-8381-f51dfe41f149",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:40:47.000Z",
"modified": "2018-06-17T12:40:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3a9a5628-14e1-4f29-8722-93e142a93add",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:47.000Z",
"modified": "2018-06-17T12:31:47.000Z",
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f11af508-fb9e-49a3-a5ef-ed176fa9057b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:53.000Z",
"modified": "2018-06-17T12:31:53.000Z",
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8b080900-6adf-4dd5-a3e3-470c719f6041",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:57.000Z",
"modified": "2018-06-17T12:31:57.000Z",
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0d3fcd9f-6a98-4566-b99c-941cf97a58c0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:03.000Z",
"modified": "2018-06-17T12:32:03.000Z",
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--15a888e0-c1b1-46cf-a341-32de4f623862",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:12.000Z",
"modified": "2018-06-17T12:32:12.000Z",
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc5663b5-c080-45b4-a405-147ca8570626",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:17.000Z",
"modified": "2018-06-17T12:32:17.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '4' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'BF474B8ACD55380B1169BB949D60E9E4' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'BF474B8ACD55380B1169BB949D60E9E4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--79461c6c-5900-4ecf-90f0-6157212636dd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:23.000Z",
"modified": "2018-06-17T12:32:23.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '6' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'CA67F84D5A4AC1459934128442C53B03' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'CA67F84D5A4AC1459934128442C53B03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--206825c8-1f31-4ae3-be07-5cb1b63e98a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:30.000Z",
"modified": "2018-06-17T12:32:30.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '7' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = '6AB301FC3296E1CEB140BF5D294894C5' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = '6AB301FC3296E1CEB140BF5D294894C5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0522e8ab-595b-46fd-b97c-bded45adfd05",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:35.000Z",
"modified": "2018-06-17T12:32:35.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '5' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'java.exe' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'java.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cffd2eaa-1a45-40de-b9d1-aa6999601750",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:43.000Z",
"modified": "2018-06-17T12:32:43.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '7' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'BFB41BC0C3856AA0A81A5256B7B8DA51' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'BFB41BC0C3856AA0A81A5256B7B8DA51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--14dfc596-3c8f-4d1e-8194-56873bf809f0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:52.000Z",
"modified": "2018-06-17T12:32:52.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '7' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = 'EF9DB20AB0EEBF0B7C55AF4EC0B7BCED' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = 'EF9DB20AB0EEBF0B7C55AF4EC0B7BCED']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:32:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c56a8843-6462-4e48-9354-ff3cea9b393c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"pattern": "[file:extensions.'windows-pebinary-ext'.number_of_sections = '12' AND file:extensions.'windows-pebinary-ext'.x_misp_internal_filename = '1C53E7269FE9D84C6DF0A25BA59B822C' AND file:extensions.'windows-pebinary-ext'.x_misp_original_filename = '1C53E7269FE9D84C6DF0A25BA59B822C']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-17T12:33:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"pe\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7dd632d5-39a8-491a-80cc-c163755c56db",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:42.000Z",
"modified": "2018-06-17T12:31:42.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c22f54ef-0428-4b7e-aab1-c0ba1b6259ea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:42.000Z",
"modified": "2018-06-17T12:31:42.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--be6d670d-923a-411a-97db-bf73901abf56",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:43.000Z",
"modified": "2018-06-17T12:31:43.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b8e7aa5e-5681-4393-8581-a207f6651129",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:43.000Z",
"modified": "2018-06-17T12:31:43.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2e3d47fa-ccc7-4549-8005-9d0b2481219a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:46.000Z",
"modified": "2018-06-17T12:31:46.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--81c54539-acd4-4f39-981f-2c07d8e783df",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:47.000Z",
"modified": "2018-06-17T12:31:47.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6a9e84ce-dc0b-48a5-a1b3-a70f871f6a08",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:47.000Z",
"modified": "2018-06-17T12:31:47.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--510ac6ad-b6d5-4be7-9a51-0ad210190eff",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:48.000Z",
"modified": "2018-06-17T12:31:48.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f127c64b-bf6c-4448-a66f-b455d9f0a695",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:49.000Z",
"modified": "2018-06-17T12:31:49.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--72f0a63e-d53f-423b-b762-096a7f70ba1c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:49.000Z",
"modified": "2018-06-17T12:31:49.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--33e578e5-10bc-4442-9737-ff332c9c2bbd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:52.000Z",
"modified": "2018-06-17T12:31:52.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d54ec2e8-330d-496a-bd90-c388db285a90",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:53.000Z",
"modified": "2018-06-17T12:31:53.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cad943d1-b772-45d8-8cd1-7e3fde522cf7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:53.000Z",
"modified": "2018-06-17T12:31:53.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c07156a8-22b8-4496-9173-632a17da707a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:54.000Z",
"modified": "2018-06-17T12:31:54.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4d0aac8e-a228-4186-9626-37b23b6e06a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:57.000Z",
"modified": "2018-06-17T12:31:57.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d25a50ab-2499-4d07-9ea8-d8db37a2a9ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:57.000Z",
"modified": "2018-06-17T12:31:57.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--43459484-03b7-4d3a-a023-d25e2950b7c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:58.000Z",
"modified": "2018-06-17T12:31:58.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--612783c6-7d6a-4f3b-999b-804d7dc94585",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:59.000Z",
"modified": "2018-06-17T12:31:59.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--017ac5c4-1f99-40ea-9b0e-845d1536894d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:31:59.000Z",
"modified": "2018-06-17T12:31:59.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--938b67a4-6ddb-4390-8ba5-11137948a333",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:00.000Z",
"modified": "2018-06-17T12:32:00.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2071bf37-4d11-4e1c-8a09-222cc01f3222",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:03.000Z",
"modified": "2018-06-17T12:32:03.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5cea7400-2394-4125-a49b-64c020a3b2bf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:04.000Z",
"modified": "2018-06-17T12:32:04.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--93c1fd93-dc41-40fa-8489-d2e820dcf54d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:04.000Z",
"modified": "2018-06-17T12:32:04.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fc5536a3-c1a4-4d19-aa3c-537ae72c0e37",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:05.000Z",
"modified": "2018-06-17T12:32:05.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--77a11458-9cba-4925-9e68-d34ffb6eb580",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:05.000Z",
"modified": "2018-06-17T12:32:05.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d2bf0fa0-fd39-439c-ad04-c4b74103d928",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:06.000Z",
"modified": "2018-06-17T12:32:06.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a68ac63a-c404-4f51-b5c3-a08c64b8c812",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:07.000Z",
"modified": "2018-06-17T12:32:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9ed27605-49ae-4ddf-99b5-323110f08166",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:07.000Z",
"modified": "2018-06-17T12:32:07.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c5188fa1-89e6-4034-b190-37d19d99693b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:08.000Z",
"modified": "2018-06-17T12:32:08.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bc1321a7-4ee5-4a27-8740-e98e3790543e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:08.000Z",
"modified": "2018-06-17T12:32:08.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6b9a35c8-f016-45f0-bc54-230462e36f3f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:09.000Z",
"modified": "2018-06-17T12:32:09.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--368a60f3-4114-4f9e-ac30-8a6c4c3a15ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:12.000Z",
"modified": "2018-06-17T12:32:12.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a615573c-e5d7-49d8-8f56-16b59a758b42",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:13.000Z",
"modified": "2018-06-17T12:32:13.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e9f573b5-0f08-42d6-a8d2-c1078df73115",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:13.000Z",
"modified": "2018-06-17T12:32:13.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3a947450-55ac-48b9-b46c-0b9e70a58cc0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:14.000Z",
"modified": "2018-06-17T12:32:14.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05aff0ac-857c-43b1-af37-a038cca8201b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:17.000Z",
"modified": "2018-06-17T12:32:17.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "0.769911",
"category": "Other",
"uuid": "0c04251f-92e7-4fad-aba4-1f917b2c5a41"
},
{
"type": "md5",
"object_relation": "md5",
"value": "5b1f93f0412e9f1c7a7ad42d729b292b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "327c22ac-f353-45b7-ba68-f526a9114218"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "bba942be-afa9-4b4d-b77a-ad3ca5a40a6f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7a6e023e-973d-41da-ba8d-5817f5198428",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:17.000Z",
"modified": "2018-06-17T12:32:17.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e6ea312f762f4df521b229a77f186664",
"category": "Payload delivery",
"to_ids": true,
"uuid": "af79506f-a8b6-4a12-8c44-795328d08ae5"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.629464",
"category": "Other",
"uuid": "507c7d3d-1c65-4d6f-bfa5-85713a2e3c37"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "336d1eba-29d1-49dd-adfd-110df231cc6a"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "475136",
"category": "Other",
"uuid": "b711961d-3eb4-497a-a287-bbe5840057fe"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ff32b7ff-42ae-4b3d-acff-dcd99fb25eaf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:18.000Z",
"modified": "2018-06-17T12:32:18.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "b6fa7b267ea19010d44f056ec3cca39d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "ceeab57a-d8c4-4941-b004-7993466cf5d2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.920344",
"category": "Other",
"uuid": "91cf4983-ad20-4646-ad1b-a3ea701dc677"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "eb4b62bb-4d86-4f6f-84f8-4059883a520f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "147456",
"category": "Other",
"uuid": "3f816338-d8c0-4f7f-a75a-93597a01605f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--68f21999-9b07-41fc-9aac-8132f5dfb0c3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:19.000Z",
"modified": "2018-06-17T12:32:19.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "1076ec3948d21da8d6c5036548880c63",
"category": "Payload delivery",
"to_ids": true,
"uuid": "3adf678e-7dbc-417e-89ff-556dfd83242b"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.972282",
"category": "Other",
"uuid": "00295843-7193-4c2f-b0b4-7b289611ad5a"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "c27c2424-2ffa-4e04-9114-70e0a7b43583"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "77824",
"category": "Other",
"uuid": "8bad0807-50b0-4f57-90bb-7f9768e5a8fa"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a4f99cb3-f450-4b2e-8455-07dfe9e41cb0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:19.000Z",
"modified": "2018-06-17T12:32:19.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "77c814f5856057e7a7f6237bbba51a76",
"category": "Payload delivery",
"to_ids": true,
"uuid": "accf6116-8373-4ebc-8661-807d85cbac79"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.100017",
"category": "Other",
"uuid": "2ac4db88-5b9b-4133-8908-d00335e8343d"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "065e3253-badf-404e-b7b5-933b0bac6264"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "32768",
"category": "Other",
"uuid": "a12e28e9-69bb-4650-b533-3057a2e66004"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9acc8d38-4f15-4bf6-9c63-71613aaebbf7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:20.000Z",
"modified": "2018-06-17T12:32:20.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "3184d0afb653bf0723cadccc14d92071",
"category": "Payload delivery",
"to_ids": true,
"uuid": "1df50229-64fc-4e6f-abe3-8d8e86233a23"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.752155",
"category": "Other",
"uuid": "fcca6bfe-3cf2-42ed-aca4-f339d10970b6"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "20bb5900-3e62-4064-bbab-304766550092"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "40960",
"category": "Other",
"uuid": "84062378-d0f4-4d54-8ddc-ceca715580cf"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b6cd05be-e718-4b54-a890-ed1dd88697cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:23.000Z",
"modified": "2018-06-17T12:32:23.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.821047",
"category": "Other",
"uuid": "cab440f5-5b76-4fcd-99e1-a4a96ec614e1"
},
{
"type": "md5",
"object_relation": "md5",
"value": "24baa03194bc78f0184ea606128bc80f",
"category": "Payload delivery",
"to_ids": true,
"uuid": "346cccc4-2114-4c16-8089-271a5e2e6e5a"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "3e562b0c-d7ce-4a70-9447-5f65a1fba640"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--83c72de8-db0e-4c7d-8ea1-3236b485a86f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:24.000Z",
"modified": "2018-06-17T12:32:24.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "170ce86f9a7ffcd242f3903fafe1f302",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4d4455d3-fff7-4faa-a28f-3e1ac431e365"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.433615",
"category": "Other",
"uuid": "60bb821b-a3da-4be5-8c23-1c094f4a51e2"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "a8db3e4f-e864-4379-8286-8c775519f5eb"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "57856",
"category": "Other",
"uuid": "8cb59a2e-6282-4723-a82b-83abab0443b3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--014c32e7-b639-4a57-a5fb-18309fec2133",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:24.000Z",
"modified": "2018-06-17T12:32:24.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "33b066692952c4534ebf0a56ca293085",
"category": "Payload delivery",
"to_ids": true,
"uuid": "991a8ecd-cbc5-4263-85e5-df75954ac8ea"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.09521",
"category": "Other",
"uuid": "5b93c1ad-3305-404c-a78e-9f8710982bb7"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "d3bc8e77-9d1c-46a3-9842-27e9f6a5e750"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "37888",
"category": "Other",
"uuid": "ddc25d67-c2e0-42ea-ad82-27bcba32aad5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b25804d1-5a0a-42f2-b5ad-0c01925ca1c7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:25.000Z",
"modified": "2018-06-17T12:32:25.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "b4eed5366c4254a3c7f6c2f021c29efe",
"category": "Payload delivery",
"to_ids": true,
"uuid": "30b303bd-0864-4f31-9ba4-00d3a3a5bf45"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.916035",
"category": "Other",
"uuid": "8efc483e-7488-4dd0-9ad5-f8ad4434e6e5"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "b1bd7dcf-9be7-4127-b059-558a181b6431"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "156160",
"category": "Other",
"uuid": "85b3c918-f450-456b-9df8-92a8133524c0"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b31db49a-0a64-46f6-bf92-7d6d35eb8dfb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:25.000Z",
"modified": "2018-06-17T12:32:25.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "3ad7431aaa87a1e6b6400ca9b273d98a",
"category": "Payload delivery",
"to_ids": true,
"uuid": "b87f4901-64e2-46ca-8cf1-6dc07af84bff"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.579212",
"category": "Other",
"uuid": "6b0528a6-dc12-4d23-9523-441232dd81e6"
},
{
"type": "text",
"object_relation": "name",
"value": ".pdata",
"category": "Other",
"uuid": "cfd48a77-00cf-4ac1-8c25-7cf9b151d62b"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "df3f5ac6-9f80-4dc4-802f-6b0c25ee2d3b"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2fbfd808-3ed1-4578-8a89-e0aa5d57a8b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:26.000Z",
"modified": "2018-06-17T12:32:26.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "c23d2715b42b072fcf86b2aa58807b56",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d43773fe-6170-4988-a5ab-e0089a29ef6e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.714485",
"category": "Other",
"uuid": "80e3e91c-1b9d-4b82-88eb-881911fcb876"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "9143f7c7-cd51-494a-9310-ec97904e65f0"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "73b708ac-40ff-4625-bc96-0c88f1e79986"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9a97fc45-451c-4aee-8940-4a554ebf286f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:26.000Z",
"modified": "2018-06-17T12:32:26.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "ad711ec082866631d620286bb36fdb72",
"category": "Payload delivery",
"to_ids": true,
"uuid": "385f884a-25f5-4950-88c4-f52210c34aba"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.752156",
"category": "Other",
"uuid": "4a70cc12-33d8-4cc4-98d4-28046dd05380"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "83aa42d4-17a8-452c-8a7f-300c6981c0da"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "2048",
"category": "Other",
"uuid": "05c7cb56-ea7e-4ec5-9aeb-d04245e98199"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1d79df64-ad7a-4189-a107-1d2f27e8202c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:29.000Z",
"modified": "2018-06-17T12:32:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "0.68996",
"category": "Other",
"uuid": "cf335a8c-65a1-4861-87aa-0dc50c6b92e1"
},
{
"type": "md5",
"object_relation": "md5",
"value": "81c12eb5fc3cbdd06675cd1097363a40",
"category": "Payload delivery",
"to_ids": true,
"uuid": "be0e5848-f63f-4a60-b44e-88e691a579e2"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "e44574c6-ce7c-4e80-a945-2d93826c6c43"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b4d6cf82-abf9-40ea-8adf-884cac0b7dca",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:30.000Z",
"modified": "2018-06-17T12:32:30.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "2539474aa6202371abd37a4d66031955",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8193f910-b6a6-4882-b2db-8953d9005fbc"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.641666",
"category": "Other",
"uuid": "a64b04be-5226-480a-bfd6-533d4351210a"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "82d7de21-f2e6-4063-8d5b-7706e21afb07"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "86016",
"category": "Other",
"uuid": "cd2231da-2e2b-4e4e-a97f-3f282001bf7a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1b2178c0-7302-4bf6-a196-e7088086d1e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:30.000Z",
"modified": "2018-06-17T12:32:30.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "b97c14b801643b3a61ea28266f3f71b1",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5a312721-fd48-476c-9654-e8e41472f1c4"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.735406",
"category": "Other",
"uuid": "b74266f1-cd11-4044-8312-00950e9ee312"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "875163fd-907d-4d52-a24d-02644bde7c9d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8192",
"category": "Other",
"uuid": "10bb4ac1-f150-47c4-8ded-aa009ede3f86"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f6bf304a-cd3f-4bf4-8731-e4ad2e85c5c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:31.000Z",
"modified": "2018-06-17T12:32:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "48eb8a67d4fd42ea24da9dc9029cb101",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8f75c9c7-80a2-41fa-b5ab-8735956638d2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.857068",
"category": "Other",
"uuid": "15bc8756-8f47-494f-840b-861e802a419b"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "ee33eb1b-d468-4e3e-9864-f0be95463ee9"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "16384",
"category": "Other",
"uuid": "14303c6c-455c-4e90-acf1-bd235be80e5e"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--245d12e0-fda7-41de-935c-5fc5208ea77a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:31.000Z",
"modified": "2018-06-17T12:32:31.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "c139ac9cb34e0620a10c15e5d42b85d2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "9382818d-b836-4bce-be05-0dc121894ce4"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.174962",
"category": "Other",
"uuid": "6024c08a-0a67-468d-a7ca-5b316029ebde"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "1c6d2b79-dc6c-4b92-9132-d8e6c9b6f0a6"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "aa257733-68ee-4822-92e8-a75ff29fed05"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a5bf7615-9482-49f6-9959-55010346971f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:37.000Z",
"modified": "2018-06-17T12:32:37.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.558659",
"category": "Other",
"uuid": "6f846829-c071-4357-834a-88d3c908d07d"
},
{
"type": "md5",
"object_relation": "md5",
"value": "55b6d1ed6d76c7d17cc270bc1843d2cb",
"category": "Payload delivery",
"to_ids": true,
"uuid": "12337d08-e2f7-4a13-b25a-9018dc6fb5a3"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "00869999-96fa-4094-8e60-8fd9643b04e5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e20e89de-dedb-4493-9f39-d19bca906c68",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:37.000Z",
"modified": "2018-06-17T12:32:37.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "6e501513865a783fa945269010ac3785",
"category": "Payload delivery",
"to_ids": true,
"uuid": "594249fb-de2c-44c7-9c72-b883b0bbd722"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.390707",
"category": "Other",
"uuid": "5399e04c-6797-4851-9c02-4498d8fedeb8"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "28cf08e9-586f-40ff-88e6-24f58b74ef7b"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "69632",
"category": "Other",
"uuid": "d63e0b10-bf65-429e-a385-577f4a7ca1d4"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a640c76e-6b15-4f46-bb4a-3c41a62700c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:38.000Z",
"modified": "2018-06-17T12:32:38.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "45584c7afdc086b651d7299673643506",
"category": "Payload delivery",
"to_ids": true,
"uuid": "2a4a9051-94ca-498b-ace2-73b414564804"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.704433",
"category": "Other",
"uuid": "7633f9f1-2783-41d6-9348-b190763c9718"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "0214cb1a-7528-4f12-bcd6-f954bb7d6323"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "24064",
"category": "Other",
"uuid": "7403a39b-afb6-4849-bef1-16b02e384da7"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--940a978d-4e70-4357-a7c1-2e1a9e80b784",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:38.000Z",
"modified": "2018-06-17T12:32:38.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fe2d8b67-f422-4335-be73-542f40ee8559",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:39.000Z",
"modified": "2018-06-17T12:32:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "de3fe99833797faa77379640174d16c4",
"category": "Payload delivery",
"to_ids": true,
"uuid": "26ce7da5-8330-403a-babf-afa9f4e8bbbc"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.786623",
"category": "Other",
"uuid": "7fbfbec0-c2a2-4968-beb9-2bcd00bf4234"
},
{
"type": "text",
"object_relation": "name",
"value": ".pdata",
"category": "Other",
"uuid": "4d3c86ab-bd7e-4d16-8645-8faf593a8b0e"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "af55cdc6-ae33-4a93-a0f1-183d270362ad"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c11a828a-e1d5-4299-9329-7908ca5aeea8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:39.000Z",
"modified": "2018-06-17T12:32:39.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "0cc425d0556c63acb7c04b9b1a211d5b",
"category": "Payload delivery",
"to_ids": true,
"uuid": "fdac98ce-e37a-4a40-a5fa-6cbae5a0d41d"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.105006",
"category": "Other",
"uuid": "fab78eda-b6fc-4db9-9983-f7c622a5b838"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "9f7e4bc6-7a0f-4830-9152-696b88b5719d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "5f0f9cfa-6975-4e6e-bdec-05c056a9b3b2"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f5d96ec9-8867-4032-8088-5c539234665c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:40.000Z",
"modified": "2018-06-17T12:32:40.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "914f25782a74f42e42d7974b13bd01c8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "af06b21f-d9a4-44d7-91e4-1e533736ec2d"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.869845",
"category": "Other",
"uuid": "2a4ff6aa-6535-4cc3-bb2b-3bcf214b5924"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "18e88c8c-0485-4da2-b13b-34bc3ca648b5"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1536",
"category": "Other",
"uuid": "4552ec2e-a15f-4e81-a1ce-ba951b0585ba"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--90eb0a08-a0d8-49c6-8ec7-dccc20d06199",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:46.000Z",
"modified": "2018-06-17T12:32:46.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "2.623906",
"category": "Other",
"uuid": "4f20d754-af06-4bf8-a089-e1604183d051"
},
{
"type": "md5",
"object_relation": "md5",
"value": "2082ea5adc4b910e8673c04dc7d962d2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "77867ffc-adae-4cb2-b0b7-31f5a2fcaf04"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "746ff0db-a29c-47e9-b429-a582329f3bee"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--073bfabc-0580-4fde-8659-c3854029937d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:46.000Z",
"modified": "2018-06-17T12:32:46.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e6e5ce270a5e80221a815dbf739883a2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "e49319ec-2ee0-40a3-8ff4-3c94373b1bd2"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.434048",
"category": "Other",
"uuid": "efff8e0d-ca3c-482e-909f-517d3b0f429e"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "dfb19b82-e9d3-4b43-8eac-c37e3fcfe445"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "111616",
"category": "Other",
"uuid": "9ea0245b-8cf8-4e5d-99d4-f5fb3222d571"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e5f2a5b2-f9b6-4536-8068-1e610b0a5b17",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:47.000Z",
"modified": "2018-06-17T12:32:47.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--592953b3-0474-4ad1-8942-757124e30a99",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:47.000Z",
"modified": "2018-06-17T12:32:47.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d4bf7b4c-7f49-46cd-94a6-c12dc5a471eb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:48.000Z",
"modified": "2018-06-17T12:32:48.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3a63168f-d604-46d2-80c0-d24afea4639b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:48.000Z",
"modified": "2018-06-17T12:32:48.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c8df1989-af8f-49db-838c-ef2f8bb96eb5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:49.000Z",
"modified": "2018-06-17T12:32:49.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--81962a81-10c7-4f4d-ba8b-b9df3d5d741d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:52.000Z",
"modified": "2018-06-17T12:32:52.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "float",
"object_relation": "entropy",
"value": "0.736742",
"category": "Other",
"uuid": "fc7e52c1-6011-43c6-86de-e8aaab9a61de"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f066de8df54d4f92795472d981374309",
"category": "Payload delivery",
"to_ids": true,
"uuid": "4e34dda4-b9ad-4519-959a-0825f5d71bb3"
},
{
"type": "md5",
"object_relation": "md5",
"value": "f066de8df54d4f92795472d981374309",
"category": "Payload delivery",
"to_ids": true,
"uuid": "d42cac4e-b0d6-46d6-9f8a-f35f08f40a06"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "4096",
"category": "Other",
"uuid": "494565ac-b506-4c9a-9af8-7d6b07e59ab3"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0f3b61d8-1fdd-408b-9710-61e6e3a05220",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:52.000Z",
"modified": "2018-06-17T12:32:52.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e321dba33ae4db3b9e29aa6072b92e77",
"category": "Payload delivery",
"to_ids": true,
"uuid": "6656b273-6c7a-4832-a86c-c2e3f7a660dc"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.464385",
"category": "Other",
"uuid": "2e222367-ab5f-4682-8801-5e1df46ec400"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "0107108d-10f0-43c8-95db-edddeefda13b"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "57344",
"category": "Other",
"uuid": "08610deb-6845-469f-bff4-eb4952548ea2"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5690876b-7f5b-4032-bb10-3f690b1ce2cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:53.000Z",
"modified": "2018-06-17T12:32:53.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e321dba33ae4db3b9e29aa6072b92e77",
"category": "Payload delivery",
"to_ids": true,
"uuid": "0c9f8b24-4858-41b6-84ee-3cdc6d14c88d"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.464385",
"category": "Other",
"uuid": "57a2e7f2-3dd1-4271-a6ef-f60f642c14ad"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "cec5ad39-baa9-4390-953f-f4a921c5c4d4"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "57344",
"category": "Other",
"uuid": "7fcb8b99-d6ed-419b-b839-b59567bbaa05"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--05809cc2-e217-49db-a128-b8b63d1b5171",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:54.000Z",
"modified": "2018-06-17T12:32:54.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "a256d5f52608331df8545a9d38751462",
"category": "Payload delivery",
"to_ids": true,
"uuid": "080b39a2-0110-4edc-a43c-a9484d0f01d8"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.62856",
"category": "Other",
"uuid": "fd32f17e-c693-4ae4-86a9-220e71e8ff3d"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "9e32adde-d36d-446c-bec6-c68ce69cd29d"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8192",
"category": "Other",
"uuid": "68d693c4-6d58-4174-a992-04bd071efdeb"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--58af18ac-7fad-4504-85de-90947ece0028",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:54.000Z",
"modified": "2018-06-17T12:32:54.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "a256d5f52608331df8545a9d38751462",
"category": "Payload delivery",
"to_ids": true,
"uuid": "69c33713-7739-4f5e-a7e3-d58476a58de6"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.62856",
"category": "Other",
"uuid": "4311be4a-1510-4945-ae3c-d5bcb855ab5c"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "857498ed-6f15-4196-8d87-3b2522567d38"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8192",
"category": "Other",
"uuid": "3ee3d7b1-1268-4b31-b195-679c3fb83b1c"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--75cd1bef-0d6e-4c7f-bc48-293403212159",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:55.000Z",
"modified": "2018-06-17T12:32:55.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "1d905ad87919346eb6c8463f61b599e8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8c837b33-91dd-44e1-a433-145918d62c3e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.547483",
"category": "Other",
"uuid": "6d8b2665-bdd9-4b08-98c9-71eff4a95c71"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "0d60a67c-0f8e-4dd3-b20e-4ff453638f33"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "16384",
"category": "Other",
"uuid": "2b4024d6-5a16-4d3c-8d50-d142267c9bd5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e1eb04f2-bccb-4dd0-9f93-a1f2ccb4e650",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:55.000Z",
"modified": "2018-06-17T12:32:55.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "1d905ad87919346eb6c8463f61b599e8",
"category": "Payload delivery",
"to_ids": true,
"uuid": "cc978b97-e011-4b39-baa6-83cf5041703f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.547483",
"category": "Other",
"uuid": "5b1c2cd7-1fa1-4f92-b2a2-eae73347d002"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "6c3936b8-dd84-4b92-9d71-712e542bd4c5"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "16384",
"category": "Other",
"uuid": "6f514aa7-57c0-49a9-9a7b-2f22321f196a"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5ddcf5da-400b-4bad-b4f3-9dd0708a6644",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:56.000Z",
"modified": "2018-06-17T12:32:56.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "afdf2120655e37010482a536d552199e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "99f5f2f6-5baa-4c45-94e1-ddff00cf07ea"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.100033",
"category": "Other",
"uuid": "a1e21134-1f3c-4e92-aae6-42379c3da323"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "494d887a-1d0f-409f-a595-aaf5caf25c66"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "32768",
"category": "Other",
"uuid": "6124ec92-36cb-438b-a015-afa57fceec91"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--52d6ebd2-4ad3-44c5-9029-ccbff450c8b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:56.000Z",
"modified": "2018-06-17T12:32:56.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "afdf2120655e37010482a536d552199e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "686fbb2b-c415-4079-9ce3-98c34cf8d5b8"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.100033",
"category": "Other",
"uuid": "61a03fd9-9828-4b54-b80a-1a73ddcedb89"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "e1eb6292-bff0-4bee-8a3d-1801bc5535c6"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "32768",
"category": "Other",
"uuid": "aa9f8684-a9c1-41c5-8cb9-acd831c71bc5"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--59e02386-d00c-417d-b9c1-7a1dce691aad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:57.000Z",
"modified": "2018-06-17T12:32:57.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "bbeec3983cc5b2094f8311718d327480",
"category": "Payload delivery",
"to_ids": true,
"uuid": "8a17878e-ae39-4389-b735-22c96fdb12ac"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.234713",
"category": "Other",
"uuid": "c4a78694-bbed-4f91-91b0-b95a9d843611"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "c261f65c-d412-48de-961e-d515053ab4b2"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8192",
"category": "Other",
"uuid": "211934d9-2206-4993-ae25-72076f830b38"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dee24e7d-32ac-427d-a6be-952cf291e5f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-17T12:32:58.000Z",
"modified": "2018-06-17T12:32:58.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "bbeec3983cc5b2094f8311718d327480",
"category": "Payload delivery",
"to_ids": true,
"uuid": "37431fbf-1e5d-4a02-bff9-bb3ecf2d3a0e"
},
{
"type": "float",
"object_relation": "entropy",
"value": "3.234713",
"category": "Other",
"uuid": "5b1f36af-aa43-4bf1-b1f7-3688a70e9bee"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "11f28e1c-8719-4b63-8bc0-9bb631db7792"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8192",
"category": "Other",
"uuid": "b0a0607b-0f9c-4442-9b61-bf940e11d278"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f9e2094-5ce3-4181-bb65-4ec625516faf",
"created": "2018-06-17T12:33:01.000Z",
"modified": "2018-06-17T12:33:01.000Z",
"relationship_type": "contains",
"source_ref": "x-misp-object--331a2fb4-3f10-45ca-89c9-60cf96c9205f",
"target_ref": "x-misp-object--2c6f9016-4377-447f-84df-ddc4c2d59f35"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4571ae32-c759-4b07-a8d7-6e6314e3e254",
"created": "2018-06-17T12:33:02.000Z",
"modified": "2018-06-17T12:33:02.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--2c6f9016-4377-447f-84df-ddc4c2d59f35",
"target_ref": "x-misp-object--331a2fb4-3f10-45ca-89c9-60cf96c9205f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--75b5a86a-bf7d-4c4e-9d3a-209b0a25814c",
"created": "2018-06-17T12:33:02.000Z",
"modified": "2018-06-17T12:33:02.000Z",
"relationship_type": "contains",
"source_ref": "x-misp-object--bd2613b3-ef57-4c37-9e55-26e51493ba3a",
"target_ref": "x-misp-object--16c183f2-2c3f-4304-ad99-9e19c2323ee0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--289328c5-25c2-413e-a454-570a890bd059",
"created": "2018-06-17T12:33:03.000Z",
"modified": "2018-06-17T12:33:03.000Z",
"relationship_type": "contained-within",
"source_ref": "x-misp-object--16c183f2-2c3f-4304-ad99-9e19c2323ee0",
"target_ref": "x-misp-object--bd2613b3-ef57-4c37-9e55-26e51493ba3a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f8e4934e-1210-4fd6-8ab1-8f2facc167a3",
"created": "2018-06-17T12:33:04.000Z",
"modified": "2018-06-17T12:33:04.000Z",
"relationship_type": "contains",
"source_ref": "indicator--1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0",
"target_ref": "indicator--c2593c36-69f5-4c43-9fcc-b335d606d569"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--31473915-bd20-47b1-bf59-0b348e5d678d",
"created": "2018-06-17T12:33:05.000Z",
"modified": "2018-06-17T12:33:05.000Z",
"relationship_type": "contained-within",
"source_ref": "indicator--c2593c36-69f5-4c43-9fcc-b335d606d569",
"target_ref": "indicator--1dd9ce3a-5709-4b5b-9dd2-12d9bf32e1d0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5042adca-c7d4-45b0-9e88-b5fe10021849",
"created": "2018-06-17T12:33:05.000Z",
"modified": "2018-06-17T12:33:05.000Z",
"relationship_type": "contains",
"source_ref": "indicator--35046b12-4171-4598-ab66-f6c536f03862",
"target_ref": "indicator--36c77c19-8523-4fc0-b1c7-a37fc417137f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0b339351-2483-424d-ac85-64ab07064f2e",
"created": "2018-06-17T12:33:06.000Z",
"modified": "2018-06-17T12:33:06.000Z",
"relationship_type": "contained-within",
"source_ref": "indicator--36c77c19-8523-4fc0-b1c7-a37fc417137f",
"target_ref": "indicator--35046b12-4171-4598-ab66-f6c536f03862"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--89f11649-c4ed-4847-8856-873c26b416d4",
"created": "2018-06-17T12:40:50.000Z",
"modified": "2018-06-17T12:40:50.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--36c77c19-8523-4fc0-b1c7-a37fc417137f",
"target_ref": "x-misp-object--450c3377-2c9b-4b69-8381-f51dfe41f149"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--992eaa29-f029-4690-9214-45bdd0b7ce25",
"created": "2018-06-17T12:33:06.000Z",
"modified": "2018-06-17T12:33:06.000Z",
"relationship_type": "contains",
"source_ref": "indicator--a84b8d9c-0175-411b-8b89-fc0ac709df56",
"target_ref": "indicator--f94d3e39-27ea-4214-bb44-c25505dc2326"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b08174a4-98d4-4e4e-923f-8c5ebd2fea27",
"created": "2018-06-17T12:33:06.000Z",
"modified": "2018-06-17T12:33:06.000Z",
"relationship_type": "contained-within",
"source_ref": "indicator--f94d3e39-27ea-4214-bb44-c25505dc2326",
"target_ref": "indicator--a84b8d9c-0175-411b-8b89-fc0ac709df56"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}