misp-circl-feed/feeds/circl/stix-2.1/5adf7b6e-eb68-43dc-8a49-47b1950d210f.json

5702 lines
415 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5adf7b6e-eb68-43dc-8a49-47b1950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:57:53.000Z",
"modified": "2018-04-24T18:57:53.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5adf7b6e-eb68-43dc-8a49-47b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:57:53.000Z",
"modified": "2018-04-24T18:57:53.000Z",
"name": "OSINT - Sednit update: Analysis of Zebrocy",
"published": "2018-04-24T18:58:10Z",
"object_refs": [
"observed-data--5adf7b90-43b8-4afe-9c56-4401950d210f",
"url--5adf7b90-43b8-4afe-9c56-4401950d210f",
"x-misp-attribute--5adf7ba3-3b5c-4ab6-acb9-4154950d210f",
"observed-data--5adf7be8-c1bc-4162-aa18-4914950d210f",
"file--5adf7be8-c1bc-4162-aa18-4914950d210f",
"artifact--5adf7be8-c1bc-4162-aa18-4914950d210f",
"indicator--5adf7c2a-2900-4127-8037-a5b9950d210f",
"indicator--5adf7c2a-b200-49ab-b8bc-a5b9950d210f",
"indicator--5adf7c2b-e094-4394-a530-a5b9950d210f",
"indicator--5adf7c2b-8e60-4c01-811a-a5b9950d210f",
"indicator--5adf7c2c-5464-4b95-8fa5-a5b9950d210f",
"indicator--5adf7c2c-6670-4309-8f81-a5b9950d210f",
"indicator--5adf7c2d-ff10-4bbb-bd0f-a5b9950d210f",
"indicator--5adf7c2d-28bc-4764-881c-a5b9950d210f",
"indicator--5adf7c2e-7a4c-4c28-9a5f-a5b9950d210f",
"indicator--5adf7c2e-8868-4991-8cb1-a5b9950d210f",
"indicator--5adf7c2f-080c-4610-9fb9-a5b9950d210f",
"indicator--5adf7c2f-4ff8-4cf2-af5a-a5b9950d210f",
"indicator--5adf7c30-d638-4eba-a3f6-a5b9950d210f",
"indicator--5adf7c30-c6b8-40d9-bd42-a5b9950d210f",
"indicator--5adf7c31-1758-4b41-8b8c-a5b9950d210f",
"indicator--5adf7c31-03d0-43c3-bf9a-a5b9950d210f",
"indicator--5adf7c31-75c8-4da6-a4c9-a5b9950d210f",
"indicator--5adf7c32-9590-454a-8e89-a5b9950d210f",
"indicator--5adf7c32-eabc-4915-81c1-a5b9950d210f",
"indicator--5adf7c33-1bd4-48df-97df-a5b9950d210f",
"indicator--5adf7c33-63f8-4d44-ba2e-a5b9950d210f",
"indicator--5adf7c34-1d50-4261-a514-a5b9950d210f",
"indicator--5adf7c34-b82c-4561-bbec-a5b9950d210f",
"indicator--5adf7c35-24f4-4af7-8e28-a5b9950d210f",
"indicator--5adf7c35-e6a8-4cbe-bdcd-a5b9950d210f",
"indicator--5adf7c36-9c58-4a7a-a4cc-a5b9950d210f",
"indicator--5adf7c37-7114-4b3e-b278-a5b9950d210f",
"indicator--5adf7c37-bb80-45ea-a052-a5b9950d210f",
"indicator--5adf7c38-da38-48db-89fc-a5b9950d210f",
"indicator--5adf7c38-16bc-4a0c-827b-a5b9950d210f",
"indicator--5adf7c39-ba1c-4927-972e-a5b9950d210f",
"indicator--5adf7c39-8024-479e-9e91-a5b9950d210f",
"indicator--5adf7c3a-3fe8-44c7-ba92-a5b9950d210f",
"indicator--5adf7c3a-63fc-4971-abe8-a5b9950d210f",
"indicator--5adf7c3b-ed20-4ca5-af3d-a5b9950d210f",
"indicator--5adf7c3b-fe30-4b1d-8155-a5b9950d210f",
"indicator--5adf7c3c-440c-4f0e-987c-a5b9950d210f",
"indicator--5adf7c3c-5570-4291-81fd-a5b9950d210f",
"indicator--5adf7c3d-2290-4469-9e62-a5b9950d210f",
"indicator--5adf7c3d-30bc-450b-b41e-a5b9950d210f",
"indicator--5adf7c3d-48c0-4306-b58a-a5b9950d210f",
"indicator--5adf7c3e-5a70-41a0-ac45-a5b9950d210f",
"indicator--5adf7c3e-1388-4b89-b340-a5b9950d210f",
"indicator--5adf7c76-431c-4ce4-a812-db5a950d210f",
"indicator--5adf7c76-c5bc-45c9-b03c-db5a950d210f",
"indicator--5adf7cdb-f558-436b-b8f5-de5f950d210f",
"indicator--5adf7cdb-0300-4f68-9eb9-de5f950d210f",
"indicator--5adf7cdc-65c4-4c6c-85a0-de5f950d210f",
"indicator--5adf7cdc-a19c-49c4-ace9-de5f950d210f",
"indicator--5adf7cdd-71c8-4e6f-a855-de5f950d210f",
"indicator--5adf7cdd-b198-46df-98f8-de5f950d210f",
"indicator--5adf7cde-1550-4b9e-be86-de5f950d210f",
"indicator--5adf7cde-dfe8-4ccf-86f6-de5f950d210f",
"indicator--5adf7cde-4008-4f78-b142-de5f950d210f",
"indicator--5adf7cdf-8620-4e20-aa9b-de5f950d210f",
"indicator--5adf7cdf-c59c-450e-84f2-de5f950d210f",
"indicator--5adf7ce0-e768-4726-8080-de5f950d210f",
"indicator--5adf7ce0-b5a8-4c42-bc41-de5f950d210f",
"indicator--5adf7cf0-76c4-40ed-bba6-de5f950d210f",
"indicator--5adf7cf0-f198-451c-a83b-de5f950d210f",
"indicator--5adf7cf1-b4dc-4bdf-a930-de5f950d210f",
"indicator--5adf7cf1-c738-4d3c-86ac-de5f950d210f",
"indicator--5adf7cf2-e81c-40cf-a823-de5f950d210f",
"indicator--5adf7cf2-58f8-4e72-8928-de5f950d210f",
"indicator--5adf7cf3-b488-4c78-bf80-de5f950d210f",
"indicator--5adf7cf3-217c-489e-98f1-de5f950d210f",
"indicator--5adf7cf3-c5a4-4616-8c5a-de5f950d210f",
"indicator--5adf7d16-d6a8-4446-9cdb-4672950d210f",
"indicator--5adf7d17-c208-4c91-a403-4672950d210f",
"indicator--5adf7d17-5918-4e52-927d-4672950d210f",
"indicator--5adf7d18-b040-4595-bd7a-4672950d210f",
"indicator--5adf7d18-0668-4930-8f75-4672950d210f",
"indicator--5adf7d19-09d8-4cda-b21a-4672950d210f",
"indicator--5adf7d19-43b0-44de-ba90-4672950d210f",
"indicator--5adf7d19-6d08-41b4-837f-4672950d210f",
"indicator--5adf7d1a-4f4c-4429-b6f1-4672950d210f",
"indicator--5adf7d1a-20e0-4f9b-996a-4672950d210f",
"indicator--5adf7d1b-d0fc-4d16-9e7b-4672950d210f",
"indicator--5adf7d1b-f758-45e7-922c-4672950d210f",
"indicator--5adf7d1c-34f4-4995-bde2-4672950d210f",
"indicator--5adf7d1c-f9b0-4322-b7b0-4672950d210f",
"indicator--5adf7d1d-7a88-4775-8095-4672950d210f",
"indicator--5adf7d1d-3e9c-4574-a32b-4672950d210f",
"indicator--5adf7d1e-2b60-43dd-8e0f-4672950d210f",
"indicator--5adf7d1e-9574-4146-ad13-4672950d210f",
"indicator--5adf7d1f-15bc-4ba7-bbba-4672950d210f",
"indicator--5adf7d1f-e108-4b6f-ab95-4672950d210f",
"indicator--5adf7d20-da68-4200-9f55-4672950d210f",
"indicator--302f24a6-cc84-4575-ad9b-06463c14e099",
"x-misp-object--99962fb8-2977-48bc-b99a-d41fc2bb9c36",
"indicator--d1395618-6286-4483-ac39-2529eee30b0e",
"x-misp-object--0e7e0bef-02b2-4c73-b677-e842a6d359b5",
"indicator--261155fb-4cd5-45e1-8b13-e1a39032793a",
"x-misp-object--094e60cb-a46e-449d-831b-56e943719480",
"indicator--595f3890-1294-41a5-baa3-491baf80f894",
"x-misp-object--bf9509a8-55d0-4487-a3f2-c978b390626e",
"indicator--1314f1f0-19d4-46c9-8e46-28554785026d",
"x-misp-object--719ef8f0-408a-4c1d-8e0f-d8c5ece319df",
"indicator--642529b8-ed04-4c7e-9b2e-7b7292123e82",
"x-misp-object--67ab9f86-569c-4934-8bcb-0ff68395281f",
"indicator--fd8fdb13-1446-49fa-ab12-1650348daacb",
"x-misp-object--3057b350-62f9-4e56-8581-3760f7d8621a",
"indicator--f935a768-6cbe-4f6a-8627-ecc6b1bdb9f5",
"x-misp-object--94b1712b-9ecd-4b9f-905c-0758bf880db7",
"indicator--1da0fd9b-3d57-4ad9-ba4a-f85e3d40f107",
"x-misp-object--b6e4244e-208a-45e0-be0d-f8959ee03f62",
"indicator--3a95499b-0068-4fc2-8ec4-cd4f44dbf30d",
"x-misp-object--a01e587d-c651-4fda-80e2-1cbb6beae16d",
"indicator--ce5d079f-20fd-4f03-b440-a12063c7b7f6",
"x-misp-object--c5fa284c-19fd-44bc-8fcc-a24f831574b8",
"indicator--2192b730-c7c2-471e-9889-c09e11c73355",
"x-misp-object--ef9ea072-bf47-451a-844c-4d40afdfc463",
"indicator--5949a4b4-1ebb-4b11-955f-d69e30594c2c",
"x-misp-object--051677f1-b2f5-4b4a-845b-77b1278a9c08",
"indicator--9eec20d3-7f37-4f18-a861-9d95bd6aea86",
"x-misp-object--38824d89-1178-4d1c-b022-d8ae2adeae9f",
"indicator--988ccae3-9e28-4432-8517-30e01057df0d",
"x-misp-object--fa3cc16f-8fd6-4cc1-bc5f-89f0a24beb1d",
"indicator--486cb263-bf1a-43f8-baf2-9f41bb6a1571",
"x-misp-object--576def47-945e-4ae9-8c0e-152c5f4fac12",
"indicator--baf449dc-4245-449d-bdbb-7a5c29cb15d1",
"x-misp-object--1bb74aeb-3552-4d7a-8eb5-99ca2508fb52",
"indicator--b330fd72-4ec0-4752-95de-e0a789b7e9e8",
"x-misp-object--4c792f79-2353-457e-81c9-eff70489079a",
"indicator--3db0b28c-67cf-4546-a40d-da94eec7ee5e",
"x-misp-object--09b083f6-2364-4d2b-a1e3-1162587cc7e6",
"indicator--4745d413-4f7b-4f16-96be-f4dd074f1941",
"x-misp-object--ec56b918-e921-4d4b-a0cc-bfadf8120482",
"indicator--3c3df287-c480-4e94-a872-1f03ac0f92bc",
"x-misp-object--08c1796d-7949-4531-83ff-45db4afae1d1",
"indicator--a9a54fb9-5c34-49d1-b282-fb57ef4ed40a",
"x-misp-object--12ef353f-60f2-4459-be94-50e52fd85569",
"indicator--747f6ce0-02a7-4ad1-9d6b-521ba518604c",
"x-misp-object--51f38f80-a11b-4aa3-8080-164c185cdb2d",
"indicator--35669949-414e-46e8-b922-a268178ce5cd",
"x-misp-object--d56ef909-0c8a-4a43-91f6-43c824ef6b16",
"indicator--ad3d881f-c113-48d5-855b-2dd4d024f91f",
"x-misp-object--105287fa-3fa6-4fc7-9e89-2b40dd00f83c",
"indicator--49564bbc-8586-4f0e-85d2-9e2740c15bd2",
"x-misp-object--d23722af-7e5c-4eae-8351-cba27a8ed023",
"indicator--2f1db766-fb4f-473b-b63f-dd28deffd49d",
"x-misp-object--5773f131-49f8-412c-b626-dc692512567b",
"indicator--1be56ace-cd17-443a-bccd-e06270dcd50e",
"x-misp-object--004f0fc6-2583-4a1b-a1e5-47c227aef9d8",
"indicator--35e71b75-b89e-46df-a427-23edf31cfafb",
"x-misp-object--30bac908-1031-49fe-866a-593cab5b2703",
"indicator--c1d52771-ed8b-4bda-bc57-36890af08d8f",
"x-misp-object--292131ff-8255-4d75-96e4-476aaa98bce9",
"indicator--e1a2202c-2087-41e1-aa42-6dd51e4e6feb",
"x-misp-object--bd746cc8-36e9-4963-9876-cf44eba56c06",
"indicator--5eddcf55-b499-47aa-8ae2-92c101e6b647",
"x-misp-object--cce6a9d7-acd7-4a70-970a-698271170875",
"indicator--01cbd989-d616-43eb-829c-e76e83b81cef",
"x-misp-object--239bb986-17a9-4090-b77d-09d13ddb3b57",
"indicator--0c218df1-6a92-42f8-81b4-0b0bc5c3e829",
"x-misp-object--50667d9f-ba5a-4250-a1a5-8cab5f9e5dfe",
"indicator--f7efa9cb-93b6-46ab-b371-d01fecacb841",
"x-misp-object--d523f8aa-8e07-4676-a002-3b8d2cb0309e",
"indicator--457493d7-a191-4bdf-933b-74978f71aa8c",
"x-misp-object--fc424bda-f8f3-4647-8c44-eceacf716dd3",
"indicator--799485d1-81c0-4356-8c37-a1fd87d2b696",
"x-misp-object--5455dfc9-9fea-4181-9055-286a5d6bee2e",
"indicator--52cc2b2b-e22b-4859-8353-f3962ed30eb0",
"x-misp-object--d1df3a1f-0657-4f95-b413-d567e7a8e35a",
"indicator--b30ce5a7-9388-43de-a962-a21c92dd3adb",
"x-misp-object--0013c360-38e7-4b54-b525-3a9fd2a09dcf",
"indicator--b3276d07-ad5e-4273-80d2-fdbbebb461d7",
"x-misp-object--00524f3a-0430-47bf-8631-8116a10692c4",
"indicator--fd291a15-f1ec-4e9a-b6b0-bfa559cb3d3a",
"x-misp-object--8b8fe04c-91cd-4d37-82e6-668576da81cd",
"indicator--6f303c37-603a-4865-b8d8-051126590d55",
"x-misp-object--694554ff-b6b8-4a69-90b9-e3c221c1178c",
"indicator--7d6b3b1f-0adf-44cd-bb64-de0239f5b652",
"x-misp-object--7c34a838-84cb-4ebb-9084-3f9cf9a8b891",
"indicator--e25631f0-e2b9-4d16-817d-edfcc584a529",
"x-misp-object--4adfc07f-6b19-4fa0-be98-82d35e9a5438",
"indicator--65124dbe-196c-434a-9bd3-3253323b7574",
"x-misp-object--a81445af-4351-4773-8a6e-db2ad43829d2",
2024-08-07 08:13:15 +00:00
"relationship--4cd71f4b-8703-4f58-94d3-089fb03f9246",
"relationship--22bc101c-d5ff-4419-8b29-be48183783fd",
"relationship--28694ee8-7c2b-44c4-8ecc-de440205c5a1",
"relationship--7febd77a-5240-4942-93bb-7c78ea22d8c1",
"relationship--4f33bc2c-f565-4664-bfd1-37b37583b47c",
"relationship--4fc6350b-955f-41c6-a312-9af5285d516a",
"relationship--33d0f6aa-2cb8-44c8-a56c-916b0c650e49",
"relationship--d4a09615-5279-47f6-b5e6-50f7e36a9810",
"relationship--c76ef0e3-ff02-42d0-83dd-0af5e4ff0966",
"relationship--aba5aef5-4135-4b3a-8e3f-8a40399571c7",
"relationship--ea11fca9-8058-4ca3-a453-b91c8899ed30",
"relationship--1f8046b8-9e95-4e64-8bb0-2ad87bec3acd",
"relationship--f18294fc-8663-4f5f-983c-ba929b361eb2",
"relationship--219b8b0e-3e5d-4d3b-b150-f4fe25f77ed6",
"relationship--0e5b7c6e-a0dd-46c7-a776-2fc31234594d",
"relationship--99347121-f128-4e06-bf17-7f2623858a11",
"relationship--fcc2cc1a-8020-48b0-b71b-b19fea12a22f",
"relationship--c3c582fc-054d-4b2a-b6cd-4b2419acad79",
"relationship--eb48a305-6cad-4e65-9622-7d5e993ee500",
"relationship--9d98d734-8daf-49a4-be93-35381f0ca4e5",
"relationship--8911e29b-d539-40ab-8c03-2ff1ca7ba105",
"relationship--a2c1a911-f7e9-46ae-b024-18137e5530a1",
"relationship--5da8d241-c258-467e-8bc6-04cb516204ed",
"relationship--f372fcc5-b6d2-4f25-9fc9-8768e6714e6a",
"relationship--3005ae30-9186-4f90-a265-d5377880f8f2",
"relationship--4aae2b16-f75c-48d6-9c99-60bf9558e32e",
"relationship--c3a5bd81-0edb-4411-96c4-27c13c496a77",
"relationship--7c8d4c54-5929-4cb7-9d13-c699ad24d70a",
"relationship--1e279a8b-9c98-429f-be9c-6a9f685137d4",
"relationship--30970b4b-58b4-4d34-844e-c1e89aabdb3b",
"relationship--9935e76f-0cf5-4652-bbd6-02bdf0c73d1f",
"relationship--37fcf317-0f43-4779-9e80-99b4bc614c71",
"relationship--ed3eb1e1-fd22-40dc-a109-73bdafd00c52",
"relationship--b4a6b1d4-c5aa-4257-8b45-b7b04171734b",
"relationship--1dc2f003-3ee4-41d8-8857-4eb6cc788168",
"relationship--e33619b7-0fbd-4e73-bbe6-cc2f358f4a2b",
"relationship--9eebcbbf-a74f-444a-872e-25ada0c8a5cd",
"relationship--16609238-6350-44ca-985f-daf3d8717d60",
"relationship--405dd615-959d-420f-a61b-5cbc61f37fd3",
"relationship--b16dee2a-13ad-45f6-a326-c561949a1d29",
"relationship--bc24906a-73e9-4308-9fde-b197de27924e",
"relationship--bfa407ec-9731-4f3a-8c9f-0bf7b33a7551",
"relationship--fe0cbfd9-eacc-4831-a19c-baae85b78f3d",
"relationship--c1af16b6-7c9a-4f35-9fbe-6c63d5a83080",
"relationship--05850a31-4a22-404c-8db2-412d5226e9cd"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5adf7b90-43b8-4afe-9c56-4401950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:24.000Z",
"modified": "2018-04-24T18:54:24.000Z",
"first_observed": "2018-04-24T18:54:24Z",
"last_observed": "2018-04-24T18:54:24Z",
"number_observed": 1,
"object_refs": [
"url--5adf7b90-43b8-4afe-9c56-4401950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5adf7b90-43b8-4afe-9c56-4401950d210f",
"value": "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5adf7ba3-3b5c-4ab6-acb9-4154950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:24.000Z",
"modified": "2018-04-24T18:54:24.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The Sednit group \u00e2\u20ac\u201c also known as APT28, Fancy Bear, Sofacy or STRONTIUM \u00e2\u20ac\u201c is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nToward the end of 2015, we started seeing a new component deployed by the group; a downloader for the main Sednit backdoor, Xagent. Kaspersky mentioned this component for the first time in 2017 in their APT trend report and recently wrote an article where they quickly described it under the name Zebrocy.\r\n\r\nThis new component is a family of malware, comprising downloaders and backdoors written in Delphi and AutoIt. These components play the same role in the Sednit ecosystem as Seduploader; that of first-stage malware."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5adf7be8-c1bc-4162-aa18-4914950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:25.000Z",
"modified": "2018-04-24T18:54:25.000Z",
"first_observed": "2018-04-24T18:54:25Z",
"last_observed": "2018-04-24T18:54:25Z",
"number_observed": 1,
"object_refs": [
"file--5adf7be8-c1bc-4162-aa18-4914950d210f",
"artifact--5adf7be8-c1bc-4162-aa18-4914950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5adf7be8-c1bc-4162-aa18-4914950d210f",
"name": "eset-infographic-blog_zebrocy.png",
"content_ref": "artifact--5adf7be8-c1bc-4162-aa18-4914950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5adf7be8-c1bc-4162-aa18-4914950d210f",
"payload_bin": "iVBORw0KGgoAAAANSUhEUgAACiQAAAnICAIAAAB408lhAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBIWXMAAC4jAAAuIwF4pT92AAAAB3RJTUUH4gQLDRs22438uAAAgABJREFUeNrs/X1YlPed9/+fiYAwowI6gFocx0FlREHEmKDSOiaFXoV8j0z2F93W9Yja+m1am19iGpPm6O7lXb/bw6T2isk3ySbdtGrWkq1mt+Ovwe5Cq2OKSiVBRUVQIcOAN8CgIM4McpP8/pgsIdzMzDnMzGduno+jx3XAcM55vj+nk71gXvN+f+5rbGqUAAAAAAAAAAAAAACQ437RBQAAAAAAAAAAAAAAQg9hMwAAAAAAAAAAAABANsJmAAAAAAAAAAAAAIBshM0AAAAAAAAAAAAAANkImwEAAAAAAAAAAAAAshE2AwAAAAAAAAAAAABkI2wGAAAAAAAAAAAAAMhG2AwAAAAAAAAAAAAAkI2wGQAAAAAAAAAAAAAgG2EzAAAAAAAAAAAAAEA2wmYAAAAAAAAAAAAAgGyEzQAAAAAAAAAAAAAA2QibAQAAAAAAAAAAAACyETYDAAAAAAAAAAAAAGQjbAYAAAAAAAAAAAAAyEbYDAAAAAAAAAAAAACQjbAZAAAAAAAAAAAAACAbYTMAAAAAAAAAAAAAQDbCZgAAAAAAAAAAAACAbITNAAAAAAAAAAAAAADZCJsBAAAAAAAAAAAAALIRNgMAAAAAAAAAAAAAZCNsBgAAAAAAAAAAAADIRtgMAAAAAAAAAAAAAJCNsBkAAAAAAAAAAAAAIBthMwAAAAAAAAAAAABANsJmAAAAAAAAAAAAAIBshM0AAAAAAAAAAAAAANkImwEAAAAAAAAAAAAAshE2AwAAAAAAAAAAAABkI2wGAAAAAAAAAAAAAMhG2AwAAAAAAAAAAAAAkI2wGQAAAAAAAAAAAAAgG2EzAAAAAAAAAAAAAEA2wmYAAAAAAAAAAAAAgGyEzQAAAAAAAAAAAAAA2QibAQAAAAAAAAAAAACyETYDAAAAAAAAAAAAAGQjbAYAAAAAAAAAAAAAyEbYDAAAAAAAAAAAAACQjbAZAAAAAAAAAAAAACAbYTMAAAAAAAAAAAAAQDbCZgAAAAAAAAAAAACAbITNAAAAAAAAAAAAAADZCJsBAAAAAAAAAAAAALIRNgMAAAAAAAAAAAAAZCNsBgAAAAAAAAAAAADIRtgMAAAAAAAAAAAAAJCNsBkAAAAAAAAAAAAAIBthMwAAAAAAAAAAAABANsJmAAAAAAAAAAAAAIBshM0AAAAAAAAAAAAAANkImwEAAAAAAAAAAAAAshE2AwAAAAAAAAAAAABkI2wGAAAAAAAAAAAAAMhG2AwAAAAAAAAAAAAAkI2wGQAAAAAAAAAAAAAgG2EzAAAAAAAAAAAAAEA2wmYAAAAAAAAAAAAAgGyEzQAAAAAAAAAAAAAA2QibAQAAAAAAAAAAAACyETYDAAAAAAAAAAAAAGQjbAYAAAAAAAAAAAAAyEbYDAAAAAAAAAAAAACQjbAZAAAAAAAAAAAAACAbYTMAAAAAAAAAAAAAQDbCZgAAAAAAAAAAAACAbITNAAAAAAAAAAAAAADZCJsBAAAAAAAAAAAAALIRNgMAAAAAAAAAAAAAZCNsBgAAAAAAAAAAAADIRtgMAAAAAAAAAAAAAJCNsBkAAAAAAAAAAAAAIBthMwAAAAAAAAAAAABANsJmAAAAAAAAAAAAAIBshM0AAAAAAAAAAAAAANmiRBfgd/GT4uMnxYuuAgAAAAAAAAAAAEAEaW1r7b7XLboK/6KzGQAAAAAAAAAAAAAgG2EzAAAAAAAAAAAAAEA2wmYAAAAAAAAAAAAAgGyEzQAAAAAAAAAAAAAA2QibAQAAAAAAAAAAAACyETYDAAAAAAAAAAAAAGQjbAYAAAAAAAAAAAAAyEbYDAAAAAAAAAAAAACQjbAZAAAAAAAAAAAAACAbYTMAAAAAAAAAAAAAQDbCZgAAAAAAAAAAAACAbITNAAAAAAAAAAAAAADZCJsBAAAAAAAAAAAAALIRNgMAAAAAAAAAAAAAZCNsBgAAAAAAAAAAAADIRtgMAAAAAAAAAAAAAJCNsBkAAAAAAAAAAAAAIBthMwAAAAAAAAAAAABANsJmAAAAAAAAAAAAAIBshM0AAAAAAAAAAAAAANkImwEAAAAAAAAAAAAAshE2AwAAAAAAAAAAAABkI2wGAAAAAAAAAAAAAMhG2AwAAAAAAAAAAAAAkI2wGQAAAAAAAAAAAAAgG2EzAAAAAAAAAAAAAEA2wmYAAAAAAAAAAAAAgGyEzQAAAAAAAAAAAAAA2QibAQAAAAAAAAAAAACyETYDAAAAAAAAAAAAAGQjbAYAAAAAAAAAAAAAyEbYDAAAAAAAAAAAAACQjbAZAAAAAAAAAAAAACAbYTMAAAAAAAAAAAAAQDbCZgAAAAAAAAAAAACAbITNAAAAAAAAAAAAAADZCJsBAAAAAAAAAAAAALIRNgMAAAAAAAAAAAAAZCNsBgAAAAAAAAAAAADIRtgMAAAAAAAAAAAAAJCNsBkAAAAAAAAAAAAAIBthMwAAAAAAAAAAAABANsJmAAAAAAAAAAAAAIBshM0AAAAAAAAAAAAAANkImwEAAAAAAAAAAAAAshE2AwAAAAAAAAAAAABkI2wGAAAAAAAAAAAAAMhG2AwAAAAAAAAAAAAAkI2wGQAAAAAAAAAAAAAgG2EzAAAAAAAAAAAAAEA2wmYAAAAAAAAAAAAAgGyEzQAAAAAAAAAAAAAA2QibAQAAAAAAAAAAAACyETYDAAAAAAAAAAAAAGQjbAYAAAAAAAAAAAAAyEbYDAAAAAAAAAAAAACQjbAZAAAAAAAAAAAAACAbYTMAAAAAAAAAAAAAQLYo0QVADOOR0gOHjJ4caSgsWLvK4Kuz+UpWhi5rvi7wF936wjMeHuzbOzxGNpu9vtHSYLa0tFlbWq2SJFXX1A45RqtRT1AolEpFmkadkqTSatQpSSpPTv7Ehk2+umkHDhmNR0rdHqZUKl7Z9pKH5QEAAAAAAAAAAMBPCJsjVJmp3MMjT1VW+TsKDUvBcIdb2qynKqtOVlY1mC1uDx445lRllfOLlCRV1nxdVoZu6ZKcANyxU5VVHibN27Y8Q9IMAAAAAAAAAAAgHGFzJKquqW1ps3p4cEubtcFs0WrUoqsOJcLvcHVNrbGkdHj7siwtbdYyU3mZqTwlSZWvzzMUFvjvjjWYLW/vL/bkyB+uW8OrEQAAAAAAAAAAIBgQNkeigdZVD52srCLek0XgHW4wWw4cMo4xZh6ipc3qeXbuBZvN/vb+YpvN7vbIp9atCUybNQAAAAAAAAAAANy6X3QBCDSbzX5SZhQqNzqNcALvsPFI6Ys7dvk2aXbya8T79v5iTwZ95+vz8vV5/isDAAAAAAAAAAAAshA2R5yTlVWetJAO5pzzLLrwkCHqDr+zv/jAIaM/VpSSpMrK0PnjzJIkGY+UepK1Z2Xonlq3xk81AAAAAAAAAAAAwAuEzRHHRbCnVCpG+5HcVt1IJuQOv7O/uMxU7qcV+a+tubqm1pOAXKtRP79po59qAAAAAAAAAAAAgHcImyNLS5t1tBnLSqXCRfcqk7Q9JOQOHzhk9F/SLEmSn4ZXt7RZf/XWu24PUyoVz2/a6CKnBwAAAAAAAAAAgBBRogtAQLmIJJctyUlJUo0WeTrnPGs16hF/unRJzmg/GuLAIaPredFbX3jGk/NMUCiUSkXgL+r2GD/dYReqa2qNR0rlPkupVKTN/Mq17trtI94lrUadkqSSe35P/Oqtdz2ZN75tyzN+KgAAAAAAAAAAAABjQdgcWVy0z2pnqtNcJp0nK6tGi0JTklQexoFu81pZewMLuahrfrrDLryzr9jDI5VKxbIlOVkZuqwM3WiNwjabvb7R0mC21Jst1TW1Nps9f4Vf2prf2V/syTbVT61b48U9AQAAAAAAAAA
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2a-2900-4127-8037-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:26.000Z",
"modified": "2018-04-24T18:54:26.000Z",
"pattern": "[url:value = 'http://142.0.68.2/test-update-16-8852418/temp727612430/checkUpdate89732468.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2a-b200-49ab-b8bc-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:27.000Z",
"modified": "2018-04-24T18:54:27.000Z",
"pattern": "[url:value = 'http://142.0.68.2/test-update-17-8752417/temp827612480/checkUpdate79832467.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2b-e094-4394-a530-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:27.000Z",
"modified": "2018-04-24T18:54:27.000Z",
"pattern": "[url:value = 'http://185.25.50.93/syshelp/kd8812u/protocol.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2b-8e60-4c01-811a-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:28.000Z",
"modified": "2018-04-24T18:54:28.000Z",
"pattern": "[url:value = 'http://185.25.50.93/tech99-04/litelib1/setwsdv4.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2c-5464-4b95-8fa5-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:28.000Z",
"modified": "2018-04-24T18:54:28.000Z",
"pattern": "[url:value = 'http://185.25.50.93/techicalBS391-two/supptech18i/suppid.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2c-6670-4309-8f81-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:29.000Z",
"modified": "2018-04-24T18:54:29.000Z",
"pattern": "[url:value = 'http://185.25.51.114/get-help-software/get-app-c/error-code-lookup.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2d-ff10-4bbb-bd0f-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:29.000Z",
"modified": "2018-04-24T18:54:29.000Z",
"pattern": "[url:value = 'http://185.25.51.164/srv_upd_dest_two/destBB/en.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2d-28bc-4764-881c-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:30.000Z",
"modified": "2018-04-24T18:54:30.000Z",
"pattern": "[url:value = 'http://185.25.51.198/get-data/searchId/get.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2e-7a4c-4c28-9a5f-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:30.000Z",
"modified": "2018-04-24T18:54:30.000Z",
"pattern": "[url:value = 'http://185.25.51.198/stream-upd-service-two/definition/event.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2e-8868-4991-8cb1-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:31.000Z",
"modified": "2018-04-24T18:54:31.000Z",
"pattern": "[url:value = 'http://185.77.129.152/wWpYdSMRulkdp/arpz/MsKZrpUfe.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2f-080c-4610-9fb9-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:31.000Z",
"modified": "2018-04-24T18:54:31.000Z",
"pattern": "[url:value = 'http://188.241.68.121/update/dB-Release/NewBaseCheck.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c2f-4ff8-4cf2-af5a-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:31.000Z",
"modified": "2018-04-24T18:54:31.000Z",
"pattern": "[url:value = 'http://194.187.249.126/database-update-centre/check-system-version/id=18862.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c30-d638-4eba-a3f6-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:32.000Z",
"modified": "2018-04-24T18:54:32.000Z",
"pattern": "[url:value = 'http://194.187.249.126/security-services-DMHA-group/info-update-version/id77820082.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c30-c6b8-40d9-bd42-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:32.000Z",
"modified": "2018-04-24T18:54:32.000Z",
"pattern": "[url:value = 'http://213.103.67.193/ghflYvz/vmwWIdx/realui.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c31-1758-4b41-8b8c-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:33.000Z",
"modified": "2018-04-24T18:54:33.000Z",
"pattern": "[url:value = 'http://213.252.244.219/client-update-info/version-id/version333.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c31-03d0-43c3-bf9a-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:33.000Z",
"modified": "2018-04-24T18:54:33.000Z",
"pattern": "[url:value = 'http://213.252.244.219/cumulative-security-update/Summary/details.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c31-75c8-4da6-a4c9-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:34.000Z",
"modified": "2018-04-24T18:54:34.000Z",
"pattern": "[url:value = 'http://213.252.245.132/search-release/Search-Version/crmclients.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c32-9590-454a-8e89-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:34.000Z",
"modified": "2018-04-24T18:54:34.000Z",
"pattern": "[url:value = 'http://213.252.245.132/setting-the-os-release/Support-OS-release/ApiMap.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c32-eabc-4915-81c1-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:34.000Z",
"modified": "2018-04-24T18:54:34.000Z",
"pattern": "[url:value = 'http://220.158.216.127/search-sys-update-release/base-sync/db7749sc.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c33-1bd4-48df-97df-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:35.000Z",
"modified": "2018-04-24T18:54:35.000Z",
"pattern": "[url:value = 'http://222.15.23.121/gft_piyes/ndhfkuryhs09/fdfd_iunb_hhert_ps.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c33-63f8-4d44-ba2e-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:35.000Z",
"modified": "2018-04-24T18:54:35.000Z",
"pattern": "[url:value = 'http://46.102.152.127/messageID/get-data/SecurityID.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c34-1d50-4261-a514-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:36.000Z",
"modified": "2018-04-24T18:54:36.000Z",
"pattern": "[url:value = 'http://46.183.223.227/services-check-update/security-certificate-11-554/CheckNow864.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c34-b82c-4561-bbec-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:36.000Z",
"modified": "2018-04-24T18:54:36.000Z",
"pattern": "[url:value = 'http://80.255.6.5/daily-update-certifaicates52735462534234/update-15.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c35-24f4-4af7-8e28-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:36.000Z",
"modified": "2018-04-24T18:54:36.000Z",
"pattern": "[url:value = 'http://80.255.6.5/LoG-statistic8397420934809/date-update9048353094c/StaticIpUpdateLog23741033.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c35-e6a8-4cbe-bdcd-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:37.000Z",
"modified": "2018-04-24T18:54:37.000Z",
"pattern": "[url:value = 'http://86.105.18.106/apps.update/DetailsID/clientPID-118253.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c36-9c58-4a7a-a4cc-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:37.000Z",
"modified": "2018-04-24T18:54:37.000Z",
"pattern": "[url:value = 'http://86.105.18.106/data-extract/timermodule/update-client.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c37-7114-4b3e-b278-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:38.000Z",
"modified": "2018-04-24T18:54:38.000Z",
"pattern": "[url:value = 'http://86.105.18.106/debug-info/pluginId/CLISD1934.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c37-bb80-45ea-a052-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:38.000Z",
"modified": "2018-04-24T18:54:38.000Z",
"pattern": "[url:value = 'http://86.105.18.106/ram-data/managerId/REM1234.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c38-da38-48db-89fc-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:39.000Z",
"modified": "2018-04-24T18:54:39.000Z",
"pattern": "[url:value = 'http://86.105.18.106/versionID/Plugin0899/debug-release01119/debug-19.app']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c38-16bc-4a0c-827b-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:39.000Z",
"modified": "2018-04-24T18:54:39.000Z",
"pattern": "[url:value = 'http://86.105.18.111/UpdateCertificate33-33725cnm^BB/CheckerNow-saMbA-99-36^11/CheckerSerface^8830-11.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c39-ba1c-4927-972e-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:39.000Z",
"modified": "2018-04-24T18:54:39.000Z",
"pattern": "[url:value = 'http://86.106.131.177/srvSettings/conf4421i/support.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c39-8024-479e-9e91-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:40.000Z",
"modified": "2018-04-24T18:54:40.000Z",
"pattern": "[url:value = 'http://86.106.131.177/SupportA91i/syshelpA774i/viewsupp.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3a-3fe8-44c7-ba92-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:40.000Z",
"modified": "2018-04-24T18:54:40.000Z",
"pattern": "[url:value = 'http://89.249.65.166/clientid-and-uniqued-r2/the-differenceU/Events76.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3a-63fc-4971-abe8-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:41.000Z",
"modified": "2018-04-24T18:54:41.000Z",
"pattern": "[url:value = 'http://89.249.65.166/int-release/check-user/userid.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3b-ed20-4ca5-af3d-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:41.000Z",
"modified": "2018-04-24T18:54:41.000Z",
"pattern": "[url:value = 'http://89.249.65.234/guard-service/Servers-ip4/upd-release/mdb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3b-fe30-4b1d-8155-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:42.000Z",
"modified": "2018-04-24T18:54:42.000Z",
"pattern": "[url:value = 'http://89.40.181.126/verification-online/service.911-19/check-verification-88291.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3c-440c-4f0e-987c-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:42.000Z",
"modified": "2018-04-24T18:54:42.000Z",
"pattern": "[url:value = 'http://89.45.67.153/grenadLibS44-two/fIndToClose12t3/sol41.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3c-5570-4291-81fd-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:42.000Z",
"modified": "2018-04-24T18:54:42.000Z",
"pattern": "[url:value = 'http://89.45.67.153/supportfsys/t863321i/func112SerErr.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3d-2290-4469-9e62-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:43.000Z",
"modified": "2018-04-24T18:54:43.000Z",
"pattern": "[url:value = 'http://93.113.131.117/KB7735-9927/security-serv/opt.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3d-30bc-450b-b41e-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:43.000Z",
"modified": "2018-04-24T18:54:43.000Z",
"pattern": "[url:value = 'http://93.113.131.155/Verifica-El-Lanzamiento/Ayuda-Del-Sistema/obtenerId.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3d-48c0-4306-b58a-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:44.000Z",
"modified": "2018-04-24T18:54:44.000Z",
"pattern": "[url:value = 'http://93.115.38.132/wWpYdSMRulkdp/arpz/MsKZrpUfe.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3e-5a70-41a0-ac45-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:44.000Z",
"modified": "2018-04-24T18:54:44.000Z",
"pattern": "[url:value = 'http://rammatica.com/QqrAzMjp/CmKjzk/EspTkzmH.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c3e-1388-4b89-b340-a5b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:45.000Z",
"modified": "2018-04-24T18:54:45.000Z",
"pattern": "[url:value = 'http://rammatica.com/QqrAzMjp/CmKjzk/OspRkzmG.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c76-431c-4ce4-a812-db5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:51:11.000Z",
"modified": "2018-04-24T18:51:11.000Z",
"description": "Malicious documents",
"pattern": "[file:hashes.SHA1 = '4f07d18475601d0492cbf678ee0f0860c729910e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7c76-c5bc-45c9-b03c-db5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:51:11.000Z",
"modified": "2018-04-24T18:51:11.000Z",
"description": "Malicious documents",
"pattern": "[file:hashes.SHA1 = 'f10b2c052afc07e2dec9dbe816031059fdc900ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdb-f558-436b-b8f5-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:11.000Z",
"modified": "2018-04-24T18:52:11.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '00b39f2deaf1f1fc29e5acb63f4d1100e04fd701']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdb-0300-4f68-9eb9-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:11.000Z",
"modified": "2018-04-24T18:52:11.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '07e44b44c5f1043d16f6011a2cf0d2e7c5a52787']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdc-65c4-4c6c-85a0-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:12.000Z",
"modified": "2018-04-24T18:52:12.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '0f946f619ae8e2181a5bd76c8af03347742765c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdc-a19c-49c4-ace9-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:12.000Z",
"modified": "2018-04-24T18:52:12.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '2900ed173a9f5dc99f905942a6be595cc6f03387']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdd-71c8-4e6f-a855-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:13.000Z",
"modified": "2018-04-24T18:52:13.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '2b5a7f4e054d0130883c8821b629121e0228bf54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdd-b198-46df-98f8-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:13.000Z",
"modified": "2018-04-24T18:52:13.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '36b5e59a01e7f244d4a3bbb539e57aa468115dc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cde-1550-4b9e-be86-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:13.000Z",
"modified": "2018-04-24T18:52:13.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '37bd951c483da057337ef8f38d6e48051cbb39d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cde-dfe8-4ccf-86f6-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:14.000Z",
"modified": "2018-04-24T18:52:14.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '41686703ce9e9aec64b6ad1c516746751219bc62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cde-4008-4f78-b142-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:14.000Z",
"modified": "2018-04-24T18:52:14.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '4e6470f4a245efaa138c8c6eedb046e916706383']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdf-8620-4e20-aa9b-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:15.000Z",
"modified": "2018-04-24T18:52:15.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = '54b14fc84f152b43c63babc46f2597b053e94627']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cdf-c59c-450e-84f2-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:15.000Z",
"modified": "2018-04-24T18:52:15.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = 'afd5a60b7fff4deea15f7011339ad2cc2987a937']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7ce0-e768-4726-8080-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:16.000Z",
"modified": "2018-04-24T18:52:16.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = 'd4ab51bc5c26183771e3358d76e348943f9dd2fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7ce0-b5a8-4c42-bc41-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:16.000Z",
"modified": "2018-04-24T18:52:16.000Z",
"description": "Delphi downloader",
"pattern": "[file:hashes.SHA1 = 'd6fdc72792ee736b8d606d40d72cb89d6e8a3e18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf0-76c4-40ed-bba6-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:32.000Z",
"modified": "2018-04-24T18:52:32.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = '0cd61d367dd0b13000774ab77abf3d4cfb713c8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf0-f198-451c-a83b-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:32.000Z",
"modified": "2018-04-24T18:52:32.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = '185ab7a371b58ff367c155ec0dabe28842d340bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf1-b4dc-4bdf-a930-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:33.000Z",
"modified": "2018-04-24T18:52:33.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = '267abd7105ac26d5cb6ecb96292f83708f64b994']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf1-c738-4d3c-86ac-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:33.000Z",
"modified": "2018-04-24T18:52:33.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = '4a6dcbccab5344388b331d543cc2260ca531c7ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf2-e81c-40cf-a823-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:34.000Z",
"modified": "2018-04-24T18:52:34.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = '62dcf2f33ecc6014fa9a10f4e9ac9fd9bb0a6d23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf2-58f8-4e72-8928-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:34.000Z",
"modified": "2018-04-24T18:52:34.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = 'b8b847d3d0139db68dba730b3424b29dcb40b3c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf3-b488-4c78-bf80-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:35.000Z",
"modified": "2018-04-24T18:52:35.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = 'c0271dbb02636402742c390ffbeee6418f696668']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf3-217c-489e-98f1-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:35.000Z",
"modified": "2018-04-24T18:52:35.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = 'd379b94a3eb4fd9c9a973f64d436d7fc2e9d6762']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7cf3-c5a4-4616-8c5a-de5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:52:35.000Z",
"modified": "2018-04-24T18:52:35.000Z",
"description": "AutoIt downloader",
"pattern": "[file:hashes.SHA1 = 'dabeadf0a9af3a8a0802f8445670806cd7671b1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:52:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d16-d6a8-4446-9cdb-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:10.000Z",
"modified": "2018-04-24T18:53:10.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '0983d940ba42135106bf7a1e87ed5a1975fc7ead']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d17-c208-4c91-a403-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:11.000Z",
"modified": "2018-04-24T18:53:11.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '226083c7190f1a939d5b7b352400450690d59f65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d17-5918-4e52-927d-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:11.000Z",
"modified": "2018-04-24T18:53:11.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '245868d6805c66181808973e93f23293d6d2f7d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d18-b040-4595-bd7a-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:12.000Z",
"modified": "2018-04-24T18:53:12.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '2c01ae417e5de213845b1ed46d4e82d45edd598d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d18-0668-4930-8f75-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:12.000Z",
"modified": "2018-04-24T18:53:12.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '4ccbe222bd97dc229b36efaf52520939da9d51c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d19-09d8-4cda-b21a-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:12.000Z",
"modified": "2018-04-24T18:53:12.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '51ae516792570bcd069a657c27859cd3fdc07d00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d19-43b0-44de-ba90-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:13.000Z",
"modified": "2018-04-24T18:53:13.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '55179f0c6bce5a37311a44efe3f9845096c09668']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d19-6d08-41b4-837f-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:13.000Z",
"modified": "2018-04-24T18:53:13.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '6fd7ce97061169b835ea77976651b5bf20aca4ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1a-4f4c-4429-b6f1-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:14.000Z",
"modified": "2018-04-24T18:53:14.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '7349843e4dac1226ad6ce3e3cda8c389dd599548']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1a-20e0-4f9b-996a-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:14.000Z",
"modified": "2018-04-24T18:53:14.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '7b5c223a4968cc2190c1b5444cad47187d27ec50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1b-d0fc-4d16-9e7b-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:15.000Z",
"modified": "2018-04-24T18:53:15.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '83882e13b369986b513f4aae245c112b82ec2097']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1b-f758-45e7-922c-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:15.000Z",
"modified": "2018-04-24T18:53:15.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '8aedf7a462024acf72d708c89230e4f02d94bc78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1c-34f4-4995-bde2-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:16.000Z",
"modified": "2018-04-24T18:53:16.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '8bd56b580974ae195e9f92b3aa525547d33434c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1c-f9b0-4322-b7b0-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:16.000Z",
"modified": "2018-04-24T18:53:16.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = '9beacd8e145fa01e16409d44d8b9470af6c7afd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1d-7a88-4775-8095-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:17.000Z",
"modified": "2018-04-24T18:53:17.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'a172fe6e91170f858c8ce5d734c094996bdf83d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1d-3e9c-4574-a32b-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:17.000Z",
"modified": "2018-04-24T18:53:17.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'ae93b6ec2d56512a1c7e8c053d2a6ce6fdfb7e4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1e-2b60-43dd-8e0f-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:18.000Z",
"modified": "2018-04-24T18:53:18.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'c08d89c7f7be69d5d705d4ac7e24e8f48e22faaf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1e-9574-4146-ad13-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:18.000Z",
"modified": "2018-04-24T18:53:18.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'c2f3ca699aef3d226a800c2262efdca1470e00dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1f-15bc-4ba7-bbba-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:19.000Z",
"modified": "2018-04-24T18:53:19.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'cdf9c24b86bc9a872035dcf3f53f380c904ed98b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d1f-e108-4b6f-ab95-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:19.000Z",
"modified": "2018-04-24T18:53:19.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'f63e29621c8becac47ae6eac7bf9577bd0a37b73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5adf7d20-da68-4200-9f55-4672950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:53:20.000Z",
"modified": "2018-04-24T18:53:20.000Z",
"description": "Delphi backdoor",
"pattern": "[file:hashes.SHA1 = 'fea8752d90d2b4f0fc49ac0d58d62090782d8c5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:53:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--302f24a6-cc84-4575-ad9b-06463c14e099",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:48.000Z",
"modified": "2018-04-24T18:54:48.000Z",
"pattern": "[file:hashes.MD5 = 'c834ef2d3e0fe5239b2c97d6d14a4c9b' AND file:hashes.SHA1 = '54b14fc84f152b43c63babc46f2597b053e94627' AND file:hashes.SHA256 = '5fab4d08348b4ef080ba91bdb0d769d31797f5092bff3b24b3c23d091fccc8a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--99962fb8-2977-48bc-b99a-d41fc2bb9c36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:46.000Z",
"modified": "2018-04-24T18:54:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-17T14:53:28",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d77-df50-4115-a402-46db02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5fab4d08348b4ef080ba91bdb0d769d31797f5092bff3b24b3c23d091fccc8a7/analysis/1510930408/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d77-5220-4235-a5f8-4efe02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d77-c83c-41c5-82b0-4feb02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d1395618-6286-4483-ac39-2529eee30b0e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:50.000Z",
"modified": "2018-04-24T18:54:50.000Z",
"pattern": "[file:hashes.MD5 = '8a9a42a9901b80753c12d97ca7bb35af' AND file:hashes.SHA1 = '83882e13b369986b513f4aae245c112b82ec2097' AND file:hashes.SHA256 = '030e1f6b82a8c4a63b9754585b73a8f98c129234707ebdbd401020c068838262']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0e7e0bef-02b2-4c73-b677-e842a6d359b5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:49.000Z",
"modified": "2018-04-24T18:54:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-26T10:20:55",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d79-7564-4a47-9662-446a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/030e1f6b82a8c4a63b9754585b73a8f98c129234707ebdbd401020c068838262/analysis/1522059655/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d79-d948-47cc-a73c-4a8402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/66",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d7a-11f0-4e64-a015-479302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--261155fb-4cd5-45e1-8b13-e1a39032793a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:53.000Z",
"modified": "2018-04-24T18:54:53.000Z",
"pattern": "[file:hashes.MD5 = '4c49a17ee2f2dcd8041914110f362cd8' AND file:hashes.SHA1 = 'a172fe6e91170f858c8ce5d734c094996bdf83d0' AND file:hashes.SHA256 = '0f3c57f3944563c8a653b1a828f494c599655f2af16b57cb131bfd00ec993f45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--094e60cb-a46e-449d-831b-56e943719480",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:51.000Z",
"modified": "2018-04-24T18:54:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T18:22:50",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d7b-0080-4025-bbaa-422602de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0f3c57f3944563c8a653b1a828f494c599655f2af16b57cb131bfd00ec993f45/analysis/1521138170/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d7b-a1f8-417c-b1c6-4fa702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/65",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d7c-a66c-412c-ba4f-429202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--595f3890-1294-41a5-baa3-491baf80f894",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:55.000Z",
"modified": "2018-04-24T18:54:55.000Z",
"pattern": "[file:hashes.MD5 = 'fed3f5c6b68a299cf98a2adac4d16bb2' AND file:hashes.SHA1 = '8aedf7a462024acf72d708c89230e4f02d94bc78' AND file:hashes.SHA256 = 'cd220cdffe907283ee8c722d50367da8dd190a289135225e2fef8bf322e6d6b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bf9509a8-55d0-4487-a3f2-c978b390626e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:53.000Z",
"modified": "2018-04-24T18:54:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-26T03:52:03",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d7d-4c38-4f3f-8cdf-41ff02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cd220cdffe907283ee8c722d50367da8dd190a289135225e2fef8bf322e6d6b2/analysis/1511668323/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d7e-beec-4904-8c09-4c6f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/68",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d7e-8afc-4520-ab00-414802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1314f1f0-19d4-46c9-8e46-28554785026d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:57.000Z",
"modified": "2018-04-24T18:54:57.000Z",
"pattern": "[file:hashes.MD5 = '66b4fb539806ce27be184b6735584339' AND file:hashes.SHA1 = '51ae516792570bcd069a657c27859cd3fdc07d00' AND file:hashes.SHA256 = '11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--719ef8f0-408a-4c1d-8e0f-d8c5ece319df",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:55.000Z",
"modified": "2018-04-24T18:54:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-01T10:26:11",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d7f-fe14-4c77-a263-4d8302de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/11fab8361a942e46375bd5ac259146fda20608594e265bcc1d3c011ab4c17226/analysis/1519899971/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d80-9214-45de-84d9-40c902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/68",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d80-3814-464a-a3a9-442b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--642529b8-ed04-4c7e-9b2e-7b7292123e82",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:59.000Z",
"modified": "2018-04-24T18:54:59.000Z",
"pattern": "[file:hashes.MD5 = 'a2dc261893d9ccb4be571b0ef6b52a40' AND file:hashes.SHA1 = 'c2f3ca699aef3d226a800c2262efdca1470e00dc' AND file:hashes.SHA256 = '6e3f2b4e69a2e88ef13df8697c12187c482044367e4f1930e70d78a5db0628af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:54:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--67ab9f86-569c-4934-8bcb-0ff68395281f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:54:58.000Z",
"modified": "2018-04-24T18:54:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-13T18:21:17",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d82-2428-4115-a2ec-467c02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6e3f2b4e69a2e88ef13df8697c12187c482044367e4f1930e70d78a5db0628af/analysis/1510597277/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d82-ee34-45b0-9614-449702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/66",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d83-bab4-4454-b873-4b7c02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd8fdb13-1446-49fa-ab12-1650348daacb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:02.000Z",
"modified": "2018-04-24T18:55:02.000Z",
"pattern": "[file:hashes.MD5 = '18afd364d287dfb20921e2c76d4e2c41' AND file:hashes.SHA1 = '00b39f2deaf1f1fc29e5acb63f4d1100e04fd701' AND file:hashes.SHA256 = '53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3057b350-62f9-4e56-8581-3760f7d8621a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:00.000Z",
"modified": "2018-04-24T18:55:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-24T14:29:53",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d84-48b0-4860-9039-409502de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/53aef1e8b281a00dea41387a24664655986b58d61d39cfbde7e58d8c2ca3efda/analysis/1524580193/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d85-b1cc-4d58-a746-42d102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/65",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d85-2014-49e4-a26b-4abd02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f935a768-6cbe-4f6a-8627-ecc6b1bdb9f5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:04.000Z",
"modified": "2018-04-24T18:55:04.000Z",
"pattern": "[file:hashes.MD5 = '8907c97ef307a8ba6cf577498a20c583' AND file:hashes.SHA1 = '55179f0c6bce5a37311a44efe3f9845096c09668' AND file:hashes.SHA256 = '27f8bab18136a805d4e1efa88bb4546929862c1ef7c6ad307a6662e18af939cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--94b1712b-9ecd-4b9f-905c-0758bf880db7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:03.000Z",
"modified": "2018-04-24T18:55:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-26T04:13:42",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d87-9880-4384-8c98-4bf802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/27f8bab18136a805d4e1efa88bb4546929862c1ef7c6ad307a6662e18af939cd/analysis/1519618422/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d88-ac60-46c8-8329-488e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/68",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d88-a5b4-4df8-a5f4-4af602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1da0fd9b-3d57-4ad9-ba4a-f85e3d40f107",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:07.000Z",
"modified": "2018-04-24T18:55:07.000Z",
"pattern": "[file:hashes.MD5 = '6c6cdb4aa5e7c19eeda01196d0717038' AND file:hashes.SHA1 = '2b5a7f4e054d0130883c8821b629121e0228bf54' AND file:hashes.SHA256 = '10a9a217d3b53a3e43ec03b81a026f7a70350a062b900d672353690090e1ade6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b6e4244e-208a-45e0-be0d-f8959ee03f62",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:06.000Z",
"modified": "2018-04-24T18:55:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-04T10:55:20",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d8a-6384-4872-8e7f-4b1502de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/10a9a217d3b53a3e43ec03b81a026f7a70350a062b900d672353690090e1ade6/analysis/1522839320/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d8a-b658-4475-883f-49ce02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/65",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d8b-fe7c-484b-8372-416402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a95499b-0068-4fc2-8ec4-cd4f44dbf30d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:10.000Z",
"modified": "2018-04-24T18:55:10.000Z",
"pattern": "[file:hashes.MD5 = 'c983f5f9f92734e10d60b30790a1c402' AND file:hashes.SHA1 = '245868d6805c66181808973e93f23293d6d2f7d1' AND file:hashes.SHA256 = '72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a01e587d-c651-4fda-80e2-1cbb6beae16d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:08.000Z",
"modified": "2018-04-24T18:55:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-17T14:53:52",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d8c-f4bc-496d-af19-4b4b02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/72aa4905598c9fb5a1e3222ba8daa3efb52bbff09d89603ab0911e43e15201f3/analysis/1516200832/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d8c-b308-4435-8e2c-488302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/63",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d8d-bc70-4677-aa47-475002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ce5d079f-20fd-4f03-b440-a12063c7b7f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:12.000Z",
"modified": "2018-04-24T18:55:12.000Z",
"pattern": "[file:hashes.MD5 = '8fa89f99f96aa694910087cfdc087e18' AND file:hashes.SHA1 = '0f946f619ae8e2181a5bd76c8af03347742765c6' AND file:hashes.SHA256 = 'e8e78cc9fec87983a6bd1ab6c76347c6ffd91729d3dd629646391ee9e55f94d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c5fa284c-19fd-44bc-8fcc-a24f831574b8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:10.000Z",
"modified": "2018-04-24T18:55:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-12T17:14:04",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d8e-671c-4c0e-a734-4f3302de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e8e78cc9fec87983a6bd1ab6c76347c6ffd91729d3dd629646391ee9e55f94d7/analysis/1515777244/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d8f-9fdc-418c-a55e-4eb402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d8f-7030-4607-a8c9-4f3e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2192b730-c7c2-471e-9889-c09e11c73355",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:14.000Z",
"modified": "2018-04-24T18:55:14.000Z",
"pattern": "[file:hashes.MD5 = 'b5c9581b169990f94fa54dba19f6ece3' AND file:hashes.SHA1 = '41686703ce9e9aec64b6ad1c516746751219bc62' AND file:hashes.SHA256 = 'bb9a40db67fab5fcc89f5f90fb7c00f515a997cd46b5be378660017bbbd0b45a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ef9ea072-bf47-451a-844c-4d40afdfc463",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:12.000Z",
"modified": "2018-04-24T18:55:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-27T16:48:06",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d90-6238-4920-9c62-468902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/bb9a40db67fab5fcc89f5f90fb7c00f515a997cd46b5be378660017bbbd0b45a/analysis/1509122886/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d91-e76c-45ff-a142-4f8f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "19/68",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d91-ef68-415c-b508-41ee02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5949a4b4-1ebb-4b11-955f-d69e30594c2c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:16.000Z",
"modified": "2018-04-24T18:55:16.000Z",
"pattern": "[file:hashes.MD5 = '21834a5bb7ec4bf017a3ef74cf6781b9' AND file:hashes.SHA1 = 'fea8752d90d2b4f0fc49ac0d58d62090782d8c5b' AND file:hashes.SHA256 = '38949635b0d6de1388df80c2d3d45e9c877ff1b796d50929f213c5736b3872dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--051677f1-b2f5-4b4a-845b-77b1278a9c08",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:14.000Z",
"modified": "2018-04-24T18:55:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-22T17:38:06",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d93-157c-4c7a-beee-4f0602de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/38949635b0d6de1388df80c2d3d45e9c877ff1b796d50929f213c5736b3872dd/analysis/1524418686/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d93-73e4-4fac-9ac1-478c02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/67",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d93-d3a0-4567-8799-4c3e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9eec20d3-7f37-4f18-a861-9d95bd6aea86",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:18.000Z",
"modified": "2018-04-24T18:55:18.000Z",
"pattern": "[file:hashes.MD5 = '0e21c281a16787f6d96bdc22e7002cc1' AND file:hashes.SHA1 = '2900ed173a9f5dc99f905942a6be595cc6f03387' AND file:hashes.SHA256 = '9e38d9831e52968e919a298830c169f89940ee1303ec4ea62fe8cc11c0e8072a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--38824d89-1178-4d1c-b022-d8ae2adeae9f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:17.000Z",
"modified": "2018-04-24T18:55:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-17T17:32:49",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d95-c194-4541-a803-48ea02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9e38d9831e52968e919a298830c169f89940ee1303ec4ea62fe8cc11c0e8072a/analysis/1516210369/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d95-bdec-4eed-98b5-4cff02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d95-7160-4caf-928d-429902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--988ccae3-9e28-4432-8517-30e01057df0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:20.000Z",
"modified": "2018-04-24T18:55:20.000Z",
"pattern": "[file:hashes.MD5 = '98d1c9770d92ba42607ac5e98fc7486f' AND file:hashes.SHA1 = '4f07d18475601d0492cbf678ee0f0860c729910e' AND file:hashes.SHA256 = 'e9ea627e7a6d5e79ca9568504796091c136435159000ec7966f0eaebd935c306']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fa3cc16f-8fd6-4cc1-bc5f-89f0a24beb1d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:19.000Z",
"modified": "2018-04-24T18:55:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-06T17:20:20",
"category": "Other",
"comment": "Malicious documents",
"uuid": "5adf7d97-0860-4618-a34f-4d5e02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e9ea627e7a6d5e79ca9568504796091c136435159000ec7966f0eaebd935c306/analysis/1515259220/",
"category": "External analysis",
"comment": "Malicious documents",
"uuid": "5adf7d97-c154-4d8a-a3c2-4a6c02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "28/61",
"category": "Other",
"comment": "Malicious documents",
"uuid": "5adf7d98-45fc-455c-a42d-442802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--486cb263-bf1a-43f8-baf2-9f41bb6a1571",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:23.000Z",
"modified": "2018-04-24T18:55:23.000Z",
"pattern": "[file:hashes.MD5 = 'd806ff313f7b77dd9334852599e5f7fe' AND file:hashes.SHA1 = 'afd5a60b7fff4deea15f7011339ad2cc2987a937' AND file:hashes.SHA256 = '4305214c4d9cf9e3c44962b5903db0032a9f4e4b4a2ee3d497887abed3b4ffe1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--576def47-945e-4ae9-8c0e-152c5f4fac12",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:21.000Z",
"modified": "2018-04-24T18:55:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-03T14:11:32",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d99-f6f4-427d-b3e1-410302de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/4305214c4d9cf9e3c44962b5903db0032a9f4e4b4a2ee3d497887abed3b4ffe1/analysis/1517667092/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7d99-55e4-49aa-867f-415402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7d9a-0fe4-411b-8a60-4e0402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--baf449dc-4245-449d-bdbb-7a5c29cb15d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:25.000Z",
"modified": "2018-04-24T18:55:25.000Z",
"pattern": "[file:hashes.MD5 = '63add4783760ab93833fd3d9f1893899' AND file:hashes.SHA1 = '7349843e4dac1226ad6ce3e3cda8c389dd599548' AND file:hashes.SHA256 = 'e355a327479dcc4e71a38f70450af02411125c5f101ba262e8df99f9f0fef7b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1bb74aeb-3552-4d7a-8eb5-99ca2508fb52",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:23.000Z",
"modified": "2018-04-24T18:55:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2016-06-13T23:37:29",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d9b-0540-43a3-8edf-472f02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e355a327479dcc4e71a38f70450af02411125c5f101ba262e8df99f9f0fef7b6/analysis/1465861049/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7d9c-72dc-4626-82a7-488902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/54",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7d9c-ffa4-4101-8a82-4f6a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b330fd72-4ec0-4752-95de-e0a789b7e9e8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:27.000Z",
"modified": "2018-04-24T18:55:27.000Z",
"pattern": "[file:hashes.MD5 = '891df2e692685f809039a8e444fe9daa' AND file:hashes.SHA1 = 'b8b847d3d0139db68dba730b3424b29dcb40b3c7' AND file:hashes.SHA256 = 'af80b82b14b7c18ce184937620078f3703a9b3a71299bd4de7a5b0cce06b98a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4c792f79-2353-457e-81c9-eff70489079a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:26.000Z",
"modified": "2018-04-24T18:55:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-09-20T15:17:03",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7d9e-94ec-4b6e-aa08-40c402de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/af80b82b14b7c18ce184937620078f3703a9b3a71299bd4de7a5b0cce06b98a1/analysis/1505920623/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7d9e-d224-4f6e-aa6c-498702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/65",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7d9f-5754-44db-b18c-471202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3db0b28c-67cf-4546-a40d-da94eec7ee5e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:30.000Z",
"modified": "2018-04-24T18:55:30.000Z",
"pattern": "[file:hashes.MD5 = '3738934b5aa862fc8d4c3188f36ad280' AND file:hashes.SHA1 = 'ae93b6ec2d56512a1c7e8c053d2a6ce6fdfb7e4c' AND file:hashes.SHA256 = '32a45243118ef2ff15b0055c046f77d53c43ca958383d235e00ae3f29aeb4944']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--09b083f6-2364-4d2b-a1e3-1162587cc7e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:28.000Z",
"modified": "2018-04-24T18:55:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-14T08:49:42",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7da0-d714-414f-bd06-496a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/32a45243118ef2ff15b0055c046f77d53c43ca958383d235e00ae3f29aeb4944/analysis/1521017382/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7da0-2cd0-4fdb-83bb-4a6b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/67",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7da1-235c-40b2-8ce1-453302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4745d413-4f7b-4f16-96be-f4dd074f1941",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:32.000Z",
"modified": "2018-04-24T18:55:32.000Z",
"pattern": "[file:hashes.MD5 = '277eb7762dcad112604ae2a0b55719a8' AND file:hashes.SHA1 = '0cd61d367dd0b13000774ab77abf3d4cfb713c8e' AND file:hashes.SHA256 = 'e9cd6bf375c2ff5b1f6baa2cf04b11c65f1472ed27302275f68445a17001a38b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ec56b918-e921-4d4b-a0cc-bfadf8120482",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:30.000Z",
"modified": "2018-04-24T18:55:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-04-23T17:19:42",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7da2-1280-4c6b-b578-4e9102de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e9cd6bf375c2ff5b1f6baa2cf04b11c65f1472ed27302275f68445a17001a38b/analysis/1492967982/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7da3-9610-48c0-9e6a-469402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/61",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7da3-f9ac-4a4e-b25e-4ee502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3c3df287-c480-4e94-a872-1f03ac0f92bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:34.000Z",
"modified": "2018-04-24T18:55:34.000Z",
"pattern": "[file:hashes.MD5 = '5b02ee0e44dcd54ee7e4aafafcd5abb0' AND file:hashes.SHA1 = 'c08d89c7f7be69d5d705d4ac7e24e8f48e22faaf' AND file:hashes.SHA256 = 'cb5e9eea00406d53f6620ca94fd2014f5fe54f74013115ff984ba97a4e6bbcf6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--08c1796d-7949-4531-83ff-45db4afae1d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:32.000Z",
"modified": "2018-04-24T18:55:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-01T15:46:08",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7da4-3c80-46b9-8a9e-401a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/cb5e9eea00406d53f6620ca94fd2014f5fe54f74013115ff984ba97a4e6bbcf6/analysis/1514821568/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7da5-1f60-4e00-bbea-41ba02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/67",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7da5-f094-4ea5-9289-400702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a9a54fb9-5c34-49d1-b282-fb57ef4ed40a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:36.000Z",
"modified": "2018-04-24T18:55:36.000Z",
"pattern": "[file:hashes.MD5 = 'ff0e4f31a6b18b676b9518d4a748fed1' AND file:hashes.SHA1 = '4a6dcbccab5344388b331d543cc2260ca531c7ca' AND file:hashes.SHA256 = 'dcc79262d318874ead4ea331dffe0eeac32b191733dfbd2f1aab97c970419c1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--12ef353f-60f2-4459-be94-50e52fd85569",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:34.000Z",
"modified": "2018-04-24T18:55:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-28T23:33:06",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7da7-7218-496d-9a49-480c02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dcc79262d318874ead4ea331dffe0eeac32b191733dfbd2f1aab97c970419c1a/analysis/1522279986/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7da7-2d74-4a8d-8694-481e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "43/64",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7da7-2a08-4db3-a3a2-4dbb02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--747f6ce0-02a7-4ad1-9d6b-521ba518604c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:38.000Z",
"modified": "2018-04-24T18:55:38.000Z",
"pattern": "[file:hashes.MD5 = '1535acbcae591b0d03ef7518cb56883e' AND file:hashes.SHA1 = '36b5e59a01e7f244d4a3bbb539e57aa468115dc8' AND file:hashes.SHA256 = '6fcf4592f9261d5734fb3b8534f6839ab65f68fd9ff14a9005225135e743226c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--51f38f80-a11b-4aa3-8080-164c185cdb2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:37.000Z",
"modified": "2018-04-24T18:55:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-11T06:42:54",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7da9-5590-4179-be86-4d7002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6fcf4592f9261d5734fb3b8534f6839ab65f68fd9ff14a9005225135e743226c/analysis/1523428974/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7da9-0bac-491a-88d2-4b0302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7daa-08c4-4505-b7e4-4e9d02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--35669949-414e-46e8-b922-a268178ce5cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:41.000Z",
"modified": "2018-04-24T18:55:41.000Z",
"pattern": "[file:hashes.MD5 = 'c64e34730407875418ab5278a17b5ec4' AND file:hashes.SHA1 = '9beacd8e145fa01e16409d44d8b9470af6c7afd8' AND file:hashes.SHA256 = 'e1a5637cf7c8a41a53fa5e6de9d623bf1f12fecacd295a80ab79134e1da158be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d56ef909-0c8a-4a43-91f6-43c824ef6b16",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:39.000Z",
"modified": "2018-04-24T18:55:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-06-21T17:56:39",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dab-98d4-4c29-80d3-425f02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e1a5637cf7c8a41a53fa5e6de9d623bf1f12fecacd295a80ab79134e1da158be/analysis/1498067799/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dab-f51c-4d9f-98c7-47a302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/60",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dac-9e6c-4544-b260-4d6e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad3d881f-c113-48d5-855b-2dd4d024f91f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:43.000Z",
"modified": "2018-04-24T18:55:43.000Z",
"pattern": "[file:hashes.MD5 = '96a4208c6ae2bc1a4150ce9941c45ba6' AND file:hashes.SHA1 = '0983d940ba42135106bf7a1e87ed5a1975fc7ead' AND file:hashes.SHA256 = '99c84b8e063bdfdd07f39f2fac1fee4a68204e97283c60c7524cdacbf392729d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--105287fa-3fa6-4fc7-9e89-2b40dd00f83c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:41.000Z",
"modified": "2018-04-24T18:55:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-04T03:00:08",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dad-622c-48ed-bc70-443002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/99c84b8e063bdfdd07f39f2fac1fee4a68204e97283c60c7524cdacbf392729d/analysis/1522810808/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dae-2970-4ea6-b3af-45fc02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/67",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dae-abcc-407e-a4d1-46f802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--49564bbc-8586-4f0e-85d2-9e2740c15bd2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:45.000Z",
"modified": "2018-04-24T18:55:45.000Z",
"pattern": "[file:hashes.MD5 = '2d0cc82b5e5cf025b617d0988db3c4e7' AND file:hashes.SHA1 = '2c01ae417e5de213845b1ed46d4e82d45edd598d' AND file:hashes.SHA256 = '142287861c2322646c185b5092a1e7176a63a4d4909f03ae88446c7ff1fde105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d23722af-7e5c-4eae-8351-cba27a8ed023",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:43.000Z",
"modified": "2018-04-24T18:55:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-14T22:14:22",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7db0-30d4-4589-92ca-4a3c02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/142287861c2322646c185b5092a1e7176a63a4d4909f03ae88446c7ff1fde105/analysis/1515968062/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7db0-a23c-4581-82e6-493a02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/67",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7db0-91ec-4e76-9f7f-403902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2f1db766-fb4f-473b-b63f-dd28deffd49d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:47.000Z",
"modified": "2018-04-24T18:55:47.000Z",
"pattern": "[file:hashes.MD5 = '96881c6d57497341cd7d8632dfbd8a8b' AND file:hashes.SHA1 = '4ccbe222bd97dc229b36efaf52520939da9d51c8' AND file:hashes.SHA256 = '979c14f993a1cd91f1b890f93a59ab5b14e059e056b9cf069222f529e50a4d5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5773f131-49f8-412c-b626-dc692512567b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:46.000Z",
"modified": "2018-04-24T18:55:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-21T08:32:53",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7db2-0f40-451a-aa0c-4d9402de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/979c14f993a1cd91f1b890f93a59ab5b14e059e056b9cf069222f529e50a4d5f/analysis/1521621173/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7db2-09f8-4e6a-8848-4a8a02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/65",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7db3-0720-445a-8d5c-4eea02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1be56ace-cd17-443a-bccd-e06270dcd50e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:50.000Z",
"modified": "2018-04-24T18:55:50.000Z",
"pattern": "[file:hashes.MD5 = 'cf4b9a62e794e6bdbc193fc360bee132' AND file:hashes.SHA1 = 'd4ab51bc5c26183771e3358d76e348943f9dd2fc' AND file:hashes.SHA256 = 'b89f62041e18ec400082084017d084174abfdc33150c8a6e6b92642c778eb02a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--004f0fc6-2583-4a1b-a1e5-47c227aef9d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:48.000Z",
"modified": "2018-04-24T18:55:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-29T01:35:29",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7db4-4114-4e27-b9ad-4c1802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b89f62041e18ec400082084017d084174abfdc33150c8a6e6b92642c778eb02a/analysis/1511919329/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7db4-d9c4-4ad7-a995-47aa02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7db5-d1e8-4c6a-a054-4b8302de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--35e71b75-b89e-46df-a427-23edf31cfafb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:52.000Z",
"modified": "2018-04-24T18:55:52.000Z",
"pattern": "[file:hashes.MD5 = '241631a32a4c26bd83ea17b90ad266c1' AND file:hashes.SHA1 = 'c0271dbb02636402742c390ffbeee6418f696668' AND file:hashes.SHA256 = '8c128664ccbdc245969f541f406109295fee661622d507079c5bc31775ce5dcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--30bac908-1031-49fe-866a-593cab5b2703",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:50.000Z",
"modified": "2018-04-24T18:55:50.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-03T02:39:45",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7db6-d800-4fa1-ab31-4a5502de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8c128664ccbdc245969f541f406109295fee661622d507079c5bc31775ce5dcb/analysis/1506998385/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7db7-598c-479a-a01c-4e2102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/66",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7db7-f18c-4de5-bb0a-43a902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c1d52771-ed8b-4bda-bc57-36890af08d8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:54.000Z",
"modified": "2018-04-24T18:55:54.000Z",
"pattern": "[file:hashes.MD5 = 'd3b7a382b7343fd394db94fbc8ac3305' AND file:hashes.SHA1 = '7b5c223a4968cc2190c1b5444cad47187d27ec50' AND file:hashes.SHA256 = 'be95e21f1a04b9d41101afb9cb43ea239a8d8cd11772be1681ee2c16fffdf5a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--292131ff-8255-4d75-96e4-476aaa98bce9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:52.000Z",
"modified": "2018-04-24T18:55:52.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-17T15:51:53",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7db8-9d10-4b65-b4a6-4aa902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/be95e21f1a04b9d41101afb9cb43ea239a8d8cd11772be1681ee2c16fffdf5a2/analysis/1516204313/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7db9-c694-47a0-8c77-453702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/66",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7db9-1e8c-4213-880c-41d202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1a2202c-2087-41e1-aa42-6dd51e4e6feb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:56.000Z",
"modified": "2018-04-24T18:55:56.000Z",
"pattern": "[file:hashes.MD5 = '2d0860c3d867b2f557bfc568d1e90b4b' AND file:hashes.SHA1 = 'd6fdc72792ee736b8d606d40d72cb89d6e8a3e18' AND file:hashes.SHA256 = '9e20d9d1b59370ac0d1d0f0f8c8a0927569e0b4219765d58aacdc4817d130bdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bd746cc8-36e9-4963-9876-cf44eba56c06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:54.000Z",
"modified": "2018-04-24T18:55:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-24T16:56:20",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dba-a9c4-4dcd-947c-471602de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9e20d9d1b59370ac0d1d0f0f8c8a0927569e0b4219765d58aacdc4817d130bdc/analysis/1511542580/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7dbb-af8c-4dbc-b645-447f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "42/67",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dbb-7a28-4f6f-8583-425702de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5eddcf55-b499-47aa-8ae2-92c101e6b647",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:58.000Z",
"modified": "2018-04-24T18:55:58.000Z",
"pattern": "[file:hashes.MD5 = '8378dd7ed7c15ca5dc3957a09d8db1c1' AND file:hashes.SHA1 = '185ab7a371b58ff367c155ec0dabe28842d340bd' AND file:hashes.SHA256 = '378aaaeaf2dcbaf5e2247b0f94ce8e584cec7645817a4df2e8357d0c7c41fe72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:55:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cce6a9d7-acd7-4a70-970a-698271170875",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:57.000Z",
"modified": "2018-04-24T18:55:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-01-08T20:21:23",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dbd-0da4-4385-8cce-45a402de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/378aaaeaf2dcbaf5e2247b0f94ce8e584cec7645817a4df2e8357d0c7c41fe72/analysis/1483906883/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7dbd-47fc-46e4-b004-4b9402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/55",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dbd-e0fc-4f7f-b42e-467502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--01cbd989-d616-43eb-829c-e76e83b81cef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:00.000Z",
"modified": "2018-04-24T18:56:00.000Z",
"pattern": "[file:hashes.MD5 = '3c1db655039d49b38d3d987c3f8b73b1' AND file:hashes.SHA1 = '37bd951c483da057337ef8f38d6e48051cbb39d0' AND file:hashes.SHA256 = '24b295dd5f5a10d318844170911b127f1d3a7a95bacabc11c26241f7d29b0c3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--239bb986-17a9-4090-b77d-09d13ddb3b57",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:55:59.000Z",
"modified": "2018-04-24T18:55:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-12T22:36:22",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dbf-dde0-4bed-8caf-4bb702de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/24b295dd5f5a10d318844170911b127f1d3a7a95bacabc11c26241f7d29b0c3f/analysis/1515796582/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7dbf-b788-48f9-b877-40b402de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "21/68",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dc0-c494-4242-8f25-472e02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c218df1-6a92-42f8-81b4-0b0bc5c3e829",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:03.000Z",
"modified": "2018-04-24T18:56:03.000Z",
"pattern": "[file:hashes.MD5 = '6bb7c33879c07d9e97b9f8b62466c1cf' AND file:hashes.SHA1 = 'd379b94a3eb4fd9c9a973f64d436d7fc2e9d6762' AND file:hashes.SHA256 = '8ac4e164b463c313af059760ce1f830c19b0d5a280ec80554e8f77939143e24e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--50667d9f-ba5a-4250-a1a5-8cab5f9e5dfe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:01.000Z",
"modified": "2018-04-24T18:56:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-10T20:07:56",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dc1-06fc-4d2b-b767-447602de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8ac4e164b463c313af059760ce1f830c19b0d5a280ec80554e8f77939143e24e/analysis/1523390876/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7dc2-b128-4188-8f16-4de702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/65",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dc2-9ebc-4ad8-b531-470b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f7efa9cb-93b6-46ab-b371-d01fecacb841",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:05.000Z",
"modified": "2018-04-24T18:56:05.000Z",
"pattern": "[file:hashes.MD5 = '4e95e9293a663e73eb63e24442a855e1' AND file:hashes.SHA1 = '267abd7105ac26d5cb6ecb96292f83708f64b994' AND file:hashes.SHA256 = '331b06ce8b9d06f01102e8fccbf0205576feaff65803102b17a7e95233ca2d7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d523f8aa-8e07-4676-a002-3b8d2cb0309e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:03.000Z",
"modified": "2018-04-24T18:56:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-18T23:53:16",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dc3-c698-43fa-bbcf-482802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/331b06ce8b9d06f01102e8fccbf0205576feaff65803102b17a7e95233ca2d7b/analysis/1516319596/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7dc4-981c-4e55-9ff0-4e7802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dc4-a4c8-4ee9-83db-432202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--457493d7-a191-4bdf-933b-74978f71aa8c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:07.000Z",
"modified": "2018-04-24T18:56:07.000Z",
"pattern": "[file:hashes.MD5 = 'e4ef63f74d55930157bc425bf3bd856f' AND file:hashes.SHA1 = 'f10b2c052afc07e2dec9dbe816031059fdc900ba' AND file:hashes.SHA256 = '6f72632394b89daff89f08488081f782d63c1f01e0033cec693fd5c895965b80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fc424bda-f8f3-4647-8c44-eceacf716dd3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:05.000Z",
"modified": "2018-04-24T18:56:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-25T18:59:40",
"category": "Other",
"comment": "Malicious documents",
"uuid": "5adf7dc6-1608-4732-9c70-472802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6f72632394b89daff89f08488081f782d63c1f01e0033cec693fd5c895965b80/analysis/1516906780/",
"category": "External analysis",
"comment": "Malicious documents",
"uuid": "5adf7dc6-61a0-4cd0-9660-4e7702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "33/58",
"category": "Other",
"comment": "Malicious documents",
"uuid": "5adf7dc6-3480-402c-b5ea-422802de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--799485d1-81c0-4356-8c37-a1fd87d2b696",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:09.000Z",
"modified": "2018-04-24T18:56:09.000Z",
"pattern": "[file:hashes.MD5 = 'd41dc335d2106d53b9f478a173e9c778' AND file:hashes.SHA1 = '226083c7190f1a939d5b7b352400450690d59f65' AND file:hashes.SHA256 = '0b6e96edab66aaeb9b3912cd511b6aeea852e33453796226db36dce7bdf0f38d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5455dfc9-9fea-4181-9055-286a5d6bee2e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:08.000Z",
"modified": "2018-04-24T18:56:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-03T04:24:53",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dc8-9a8c-4cb5-8a22-463b02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0b6e96edab66aaeb9b3912cd511b6aeea852e33453796226db36dce7bdf0f38d/analysis/1514953493/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dc8-df94-47b2-845e-466802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/68",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dc8-67cc-487f-8280-4a3a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--52cc2b2b-e22b-4859-8353-f3962ed30eb0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:11.000Z",
"modified": "2018-04-24T18:56:11.000Z",
"pattern": "[file:hashes.MD5 = 'c590c371200f8896da664168d13011ef' AND file:hashes.SHA1 = '62dcf2f33ecc6014fa9a10f4e9ac9fd9bb0a6d23' AND file:hashes.SHA256 = '7d2dd600a6255780aef39717b9dd500ba3eea25dca8cf332247abf18479f608b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d1df3a1f-0657-4f95-b413-d567e7a8e35a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:10.000Z",
"modified": "2018-04-24T18:56:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T11:23:09",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dca-84c0-4a06-aa8a-41fd02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7d2dd600a6255780aef39717b9dd500ba3eea25dca8cf332247abf18479f608b/analysis/1521544989/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7dca-a6c4-4dcc-a69a-4b2302de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/63",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dcb-7748-4312-bcc2-454902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b30ce5a7-9388-43de-a962-a21c92dd3adb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:14.000Z",
"modified": "2018-04-24T18:56:14.000Z",
"pattern": "[file:hashes.MD5 = '0a2a1c64a70231498f36b56b8253bf85' AND file:hashes.SHA1 = '4e6470f4a245efaa138c8c6eedb046e916706383' AND file:hashes.SHA256 = 'c07d30c0b69e11bae9f700187f2ca2473918142905fa258f1c6b52986087e3c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0013c360-38e7-4b54-b525-3a9fd2a09dcf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:12.000Z",
"modified": "2018-04-24T18:56:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-28T15:38:27",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dcc-a078-4990-8fd2-4a7a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c07d30c0b69e11bae9f700187f2ca2473918142905fa258f1c6b52986087e3c7/analysis/1519832307/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7dcc-eb74-46a7-bab8-4d7802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/68",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dcd-f2a4-4072-85d3-40c202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b3276d07-ad5e-4273-80d2-fdbbebb461d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:16.000Z",
"modified": "2018-04-24T18:56:16.000Z",
"pattern": "[file:hashes.MD5 = 'ba348414fff2f3eafc65fdccdce9336f' AND file:hashes.SHA1 = '6fd7ce97061169b835ea77976651b5bf20aca4ef' AND file:hashes.SHA256 = 'ecb835d03060db1ea3496ceca2d79d7c4c6c671c9907e0b0e73bf8d3371fa931']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--00524f3a-0430-47bf-8631-8116a10692c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:14.000Z",
"modified": "2018-04-24T18:56:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2016-06-22T09:46:08",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dce-528c-44b5-a67d-474902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ecb835d03060db1ea3496ceca2d79d7c4c6c671c9907e0b0e73bf8d3371fa931/analysis/1466588768/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dcf-0810-4aab-bea9-42de02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/55",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dcf-870c-470e-84d1-430102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd291a15-f1ec-4e9a-b6b0-bfa559cb3d3a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:18.000Z",
"modified": "2018-04-24T18:56:18.000Z",
"pattern": "[file:hashes.MD5 = 'd89bef3fcf226b02d24e6026f4433944' AND file:hashes.SHA1 = '07e44b44c5f1043d16f6011a2cf0d2e7c5a52787' AND file:hashes.SHA256 = '657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8b8fe04c-91cd-4d37-82e6-668576da81cd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:16.000Z",
"modified": "2018-04-24T18:56:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-31T22:48:55",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dd0-f53c-4858-a537-4ced02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/657c83297cfcc5809e89098adf69c206df95aee77bfc1292898bbbe1c44c9dc4/analysis/1509490135/",
"category": "External analysis",
"comment": "Delphi downloader",
"uuid": "5adf7dd1-a568-4e0b-8e71-43aa02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/68",
"category": "Other",
"comment": "Delphi downloader",
"uuid": "5adf7dd1-ab84-4380-8e3a-467502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6f303c37-603a-4865-b8d8-051126590d55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:20.000Z",
"modified": "2018-04-24T18:56:20.000Z",
"pattern": "[file:hashes.MD5 = 'ccaa16fbd2eb85dc496ee72ae125c711' AND file:hashes.SHA1 = 'f63e29621c8becac47ae6eac7bf9577bd0a37b73' AND file:hashes.SHA256 = '018a3fbea5a8a5c0d2680428ae48ba865c4c88cb809e6875208368f5d016a51b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--694554ff-b6b8-4a69-90b9-e3c221c1178c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:18.000Z",
"modified": "2018-04-24T18:56:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2016-11-25T10:59:01",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dd3-dde0-4da2-8234-490002de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/018a3fbea5a8a5c0d2680428ae48ba865c4c88cb809e6875208368f5d016a51b/analysis/1480071541/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dd3-0ac4-4b34-adbe-44c702de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/56",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dd3-6acc-4b77-8d19-4ef902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--7d6b3b1f-0adf-44cd-bb64-de0239f5b652",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:22.000Z",
"modified": "2018-04-24T18:56:22.000Z",
"pattern": "[file:hashes.MD5 = '783d1d533ba68b0f71902f8cf357c2f0' AND file:hashes.SHA1 = 'dabeadf0a9af3a8a0802f8445670806cd7671b1d' AND file:hashes.SHA256 = '7f4e4cc382af5d87b5d74fc7c3226652ee5748bd1de55466b5d36a70018b2460']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7c34a838-84cb-4ebb-9084-3f9cf9a8b891",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:21.000Z",
"modified": "2018-04-24T18:56:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2016-09-14T11:19:03",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dd5-70f4-4f55-a3e2-43e802de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7f4e4cc382af5d87b5d74fc7c3226652ee5748bd1de55466b5d36a70018b2460/analysis/1473851943/",
"category": "External analysis",
"comment": "AutoIt downloader",
"uuid": "5adf7dd5-7d08-4bc9-8e82-466f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/58",
"category": "Other",
"comment": "AutoIt downloader",
"uuid": "5adf7dd6-e860-4e4d-8361-4c0f02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e25631f0-e2b9-4d16-817d-edfcc584a529",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:25.000Z",
"modified": "2018-04-24T18:56:25.000Z",
"pattern": "[file:hashes.MD5 = '87b5f05de6787fae0c48c23e03234502' AND file:hashes.SHA1 = '8bd56b580974ae195e9f92b3aa525547d33434c1' AND file:hashes.SHA256 = '1d3970df043761627f2ac63a01550074a0ef137d408c0f029fecb1481b820f93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4adfc07f-6b19-4fa0-be98-82d35e9a5438",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:23.000Z",
"modified": "2018-04-24T18:56:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-02-05T22:41:32",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dd7-321c-48e8-b373-4da302de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1d3970df043761627f2ac63a01550074a0ef137d408c0f029fecb1481b820f93/analysis/1517870492/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dd8-e4ac-46d4-9d72-489f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/58",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dd8-a908-4f0f-aa33-445602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--65124dbe-196c-434a-9bd3-3253323b7574",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"pattern": "[file:hashes.MD5 = '39a400477b3289a9b627c1b7fb4af463' AND file:hashes.SHA1 = 'cdf9c24b86bc9a872035dcf3f53f380c904ed98b' AND file:hashes.SHA256 = 'ac9aea57da03206b1df12b5c012537c899bf5d67a5eb8113b4a4d99e0a0eb893']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-24T18:56:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a81445af-4351-4773-8a6e-db2ad43829d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-24T18:56:26.000Z",
"modified": "2018-04-24T18:56:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-06T13:12:47",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7dda-ce14-4a7d-83a9-450a02de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ac9aea57da03206b1df12b5c012537c899bf5d67a5eb8113b4a4d99e0a0eb893/analysis/1520341967/",
"category": "External analysis",
"comment": "Delphi backdoor",
"uuid": "5adf7dda-11e8-4867-ae31-473f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/67",
"category": "Other",
"comment": "Delphi backdoor",
"uuid": "5adf7ddb-7a5c-4814-8334-465502de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--4cd71f4b-8703-4f58-94d3-089fb03f9246",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--302f24a6-cc84-4575-ad9b-06463c14e099",
"target_ref": "x-misp-object--99962fb8-2977-48bc-b99a-d41fc2bb9c36"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--22bc101c-d5ff-4419-8b29-be48183783fd",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d1395618-6286-4483-ac39-2529eee30b0e",
"target_ref": "x-misp-object--0e7e0bef-02b2-4c73-b677-e842a6d359b5"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--28694ee8-7c2b-44c4-8ecc-de440205c5a1",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--261155fb-4cd5-45e1-8b13-e1a39032793a",
"target_ref": "x-misp-object--094e60cb-a46e-449d-831b-56e943719480"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--7febd77a-5240-4942-93bb-7c78ea22d8c1",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--595f3890-1294-41a5-baa3-491baf80f894",
"target_ref": "x-misp-object--bf9509a8-55d0-4487-a3f2-c978b390626e"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--4f33bc2c-f565-4664-bfd1-37b37583b47c",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1314f1f0-19d4-46c9-8e46-28554785026d",
"target_ref": "x-misp-object--719ef8f0-408a-4c1d-8e0f-d8c5ece319df"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--4fc6350b-955f-41c6-a312-9af5285d516a",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--642529b8-ed04-4c7e-9b2e-7b7292123e82",
"target_ref": "x-misp-object--67ab9f86-569c-4934-8bcb-0ff68395281f"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--33d0f6aa-2cb8-44c8-a56c-916b0c650e49",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fd8fdb13-1446-49fa-ab12-1650348daacb",
"target_ref": "x-misp-object--3057b350-62f9-4e56-8581-3760f7d8621a"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--d4a09615-5279-47f6-b5e6-50f7e36a9810",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f935a768-6cbe-4f6a-8627-ecc6b1bdb9f5",
"target_ref": "x-misp-object--94b1712b-9ecd-4b9f-905c-0758bf880db7"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--c76ef0e3-ff02-42d0-83dd-0af5e4ff0966",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1da0fd9b-3d57-4ad9-ba4a-f85e3d40f107",
"target_ref": "x-misp-object--b6e4244e-208a-45e0-be0d-f8959ee03f62"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--aba5aef5-4135-4b3a-8e3f-8a40399571c7",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3a95499b-0068-4fc2-8ec4-cd4f44dbf30d",
"target_ref": "x-misp-object--a01e587d-c651-4fda-80e2-1cbb6beae16d"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--ea11fca9-8058-4ca3-a453-b91c8899ed30",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ce5d079f-20fd-4f03-b440-a12063c7b7f6",
"target_ref": "x-misp-object--c5fa284c-19fd-44bc-8fcc-a24f831574b8"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--1f8046b8-9e95-4e64-8bb0-2ad87bec3acd",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:27.000Z",
"modified": "2018-04-24T18:56:27.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2192b730-c7c2-471e-9889-c09e11c73355",
"target_ref": "x-misp-object--ef9ea072-bf47-451a-844c-4d40afdfc463"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--f18294fc-8663-4f5f-983c-ba929b361eb2",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5949a4b4-1ebb-4b11-955f-d69e30594c2c",
"target_ref": "x-misp-object--051677f1-b2f5-4b4a-845b-77b1278a9c08"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--219b8b0e-3e5d-4d3b-b150-f4fe25f77ed6",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--9eec20d3-7f37-4f18-a861-9d95bd6aea86",
"target_ref": "x-misp-object--38824d89-1178-4d1c-b022-d8ae2adeae9f"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--0e5b7c6e-a0dd-46c7-a776-2fc31234594d",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--988ccae3-9e28-4432-8517-30e01057df0d",
"target_ref": "x-misp-object--fa3cc16f-8fd6-4cc1-bc5f-89f0a24beb1d"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--99347121-f128-4e06-bf17-7f2623858a11",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--486cb263-bf1a-43f8-baf2-9f41bb6a1571",
"target_ref": "x-misp-object--576def47-945e-4ae9-8c0e-152c5f4fac12"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--fcc2cc1a-8020-48b0-b71b-b19fea12a22f",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--baf449dc-4245-449d-bdbb-7a5c29cb15d1",
"target_ref": "x-misp-object--1bb74aeb-3552-4d7a-8eb5-99ca2508fb52"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--c3c582fc-054d-4b2a-b6cd-4b2419acad79",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b330fd72-4ec0-4752-95de-e0a789b7e9e8",
"target_ref": "x-misp-object--4c792f79-2353-457e-81c9-eff70489079a"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--eb48a305-6cad-4e65-9622-7d5e993ee500",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3db0b28c-67cf-4546-a40d-da94eec7ee5e",
"target_ref": "x-misp-object--09b083f6-2364-4d2b-a1e3-1162587cc7e6"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--9d98d734-8daf-49a4-be93-35381f0ca4e5",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4745d413-4f7b-4f16-96be-f4dd074f1941",
"target_ref": "x-misp-object--ec56b918-e921-4d4b-a0cc-bfadf8120482"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--8911e29b-d539-40ab-8c03-2ff1ca7ba105",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3c3df287-c480-4e94-a872-1f03ac0f92bc",
"target_ref": "x-misp-object--08c1796d-7949-4531-83ff-45db4afae1d1"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--a2c1a911-f7e9-46ae-b024-18137e5530a1",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a9a54fb9-5c34-49d1-b282-fb57ef4ed40a",
"target_ref": "x-misp-object--12ef353f-60f2-4459-be94-50e52fd85569"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--5da8d241-c258-467e-8bc6-04cb516204ed",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--747f6ce0-02a7-4ad1-9d6b-521ba518604c",
"target_ref": "x-misp-object--51f38f80-a11b-4aa3-8080-164c185cdb2d"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--f372fcc5-b6d2-4f25-9fc9-8768e6714e6a",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--35669949-414e-46e8-b922-a268178ce5cd",
"target_ref": "x-misp-object--d56ef909-0c8a-4a43-91f6-43c824ef6b16"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--3005ae30-9186-4f90-a265-d5377880f8f2",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ad3d881f-c113-48d5-855b-2dd4d024f91f",
"target_ref": "x-misp-object--105287fa-3fa6-4fc7-9e89-2b40dd00f83c"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--4aae2b16-f75c-48d6-9c99-60bf9558e32e",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--49564bbc-8586-4f0e-85d2-9e2740c15bd2",
"target_ref": "x-misp-object--d23722af-7e5c-4eae-8351-cba27a8ed023"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--c3a5bd81-0edb-4411-96c4-27c13c496a77",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2f1db766-fb4f-473b-b63f-dd28deffd49d",
"target_ref": "x-misp-object--5773f131-49f8-412c-b626-dc692512567b"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--7c8d4c54-5929-4cb7-9d13-c699ad24d70a",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1be56ace-cd17-443a-bccd-e06270dcd50e",
"target_ref": "x-misp-object--004f0fc6-2583-4a1b-a1e5-47c227aef9d8"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--1e279a8b-9c98-429f-be9c-6a9f685137d4",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:28.000Z",
"modified": "2018-04-24T18:56:28.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--35e71b75-b89e-46df-a427-23edf31cfafb",
"target_ref": "x-misp-object--30bac908-1031-49fe-866a-593cab5b2703"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--30970b4b-58b4-4d34-844e-c1e89aabdb3b",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c1d52771-ed8b-4bda-bc57-36890af08d8f",
"target_ref": "x-misp-object--292131ff-8255-4d75-96e4-476aaa98bce9"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--9935e76f-0cf5-4652-bbd6-02bdf0c73d1f",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e1a2202c-2087-41e1-aa42-6dd51e4e6feb",
"target_ref": "x-misp-object--bd746cc8-36e9-4963-9876-cf44eba56c06"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--37fcf317-0f43-4779-9e80-99b4bc614c71",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5eddcf55-b499-47aa-8ae2-92c101e6b647",
"target_ref": "x-misp-object--cce6a9d7-acd7-4a70-970a-698271170875"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--ed3eb1e1-fd22-40dc-a109-73bdafd00c52",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--01cbd989-d616-43eb-829c-e76e83b81cef",
"target_ref": "x-misp-object--239bb986-17a9-4090-b77d-09d13ddb3b57"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--b4a6b1d4-c5aa-4257-8b45-b7b04171734b",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0c218df1-6a92-42f8-81b4-0b0bc5c3e829",
"target_ref": "x-misp-object--50667d9f-ba5a-4250-a1a5-8cab5f9e5dfe"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--1dc2f003-3ee4-41d8-8857-4eb6cc788168",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f7efa9cb-93b6-46ab-b371-d01fecacb841",
"target_ref": "x-misp-object--d523f8aa-8e07-4676-a002-3b8d2cb0309e"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--e33619b7-0fbd-4e73-bbe6-cc2f358f4a2b",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--457493d7-a191-4bdf-933b-74978f71aa8c",
"target_ref": "x-misp-object--fc424bda-f8f3-4647-8c44-eceacf716dd3"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--9eebcbbf-a74f-444a-872e-25ada0c8a5cd",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--799485d1-81c0-4356-8c37-a1fd87d2b696",
"target_ref": "x-misp-object--5455dfc9-9fea-4181-9055-286a5d6bee2e"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--16609238-6350-44ca-985f-daf3d8717d60",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--52cc2b2b-e22b-4859-8353-f3962ed30eb0",
"target_ref": "x-misp-object--d1df3a1f-0657-4f95-b413-d567e7a8e35a"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--405dd615-959d-420f-a61b-5cbc61f37fd3",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b30ce5a7-9388-43de-a962-a21c92dd3adb",
"target_ref": "x-misp-object--0013c360-38e7-4b54-b525-3a9fd2a09dcf"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--b16dee2a-13ad-45f6-a326-c561949a1d29",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b3276d07-ad5e-4273-80d2-fdbbebb461d7",
"target_ref": "x-misp-object--00524f3a-0430-47bf-8631-8116a10692c4"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--bc24906a-73e9-4308-9fde-b197de27924e",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fd291a15-f1ec-4e9a-b6b0-bfa559cb3d3a",
"target_ref": "x-misp-object--8b8fe04c-91cd-4d37-82e6-668576da81cd"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--bfa407ec-9731-4f3a-8c9f-0bf7b33a7551",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6f303c37-603a-4865-b8d8-051126590d55",
"target_ref": "x-misp-object--694554ff-b6b8-4a69-90b9-e3c221c1178c"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--fe0cbfd9-eacc-4831-a19c-baae85b78f3d",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--7d6b3b1f-0adf-44cd-bb64-de0239f5b652",
"target_ref": "x-misp-object--7c34a838-84cb-4ebb-9084-3f9cf9a8b891"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--c1af16b6-7c9a-4f35-9fbe-6c63d5a83080",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e25631f0-e2b9-4d16-817d-edfcc584a529",
"target_ref": "x-misp-object--4adfc07f-6b19-4fa0-be98-82d35e9a5438"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-08-07 08:13:15 +00:00
"id": "relationship--05850a31-4a22-404c-8db2-412d5226e9cd",
2023-04-21 14:44:17 +00:00
"created": "2018-04-24T18:56:29.000Z",
"modified": "2018-04-24T18:56:29.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--65124dbe-196c-434a-9bd3-3253323b7574",
"target_ref": "x-misp-object--a81445af-4351-4773-8a6e-db2ad43829d2"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}