2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5b63f5e4-bf24-4f46-8340-48fc02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:35.000Z" ,
"modified" : "2018-08-03T07:05:35.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b63f5e4-bf24-4f46-8340-48fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:35.000Z" ,
"modified" : "2018-08-03T07:05:35.000Z" ,
"name" : "OSINT - Attacks on industrial enterprises using RMS and TeamViewer" ,
"published" : "2018-08-03T07:27:04Z" ,
"object_refs" : [
"observed-data--5b63f5ef-b2ac-46ba-a801-44ce02de0b81" ,
"url--5b63f5ef-b2ac-46ba-a801-44ce02de0b81" ,
"x-misp-attribute--5b63f608-97e4-4125-9e7b-457d02de0b81" ,
"x-misp-attribute--5b63f8c5-a258-4e3e-a5d7-46d602de0b81" ,
"x-misp-attribute--5b63f8c5-6240-4b67-a5d9-4b2d02de0b81" ,
"x-misp-attribute--5b63f8c5-322c-4d68-9493-44ce02de0b81" ,
"x-misp-attribute--5b63f8c5-be84-4d86-9781-45ef02de0b81" ,
"x-misp-attribute--5b63f8c5-818c-4271-a487-4e7b02de0b81" ,
"indicator--5b63fae7-0148-448a-bb4c-44f002de0b81" ,
"indicator--5b63fb12-b55c-4d94-b9dd-4dc202de0b81" ,
"indicator--5b63fb98-a0c0-42dd-910a-4ad602de0b81" ,
"indicator--5b63fb98-79a8-4232-9aed-470502de0b81" ,
"indicator--5b63fb98-42f0-4c8a-956b-40f002de0b81" ,
"indicator--5b63fb98-23a8-48b4-b711-4e2802de0b81" ,
"indicator--5b63fbff-76c4-4c00-a466-433802de0b81" ,
"indicator--5b63fbff-7078-4f05-a045-4d9502de0b81" ,
"indicator--5b63fc00-24f0-4eaa-a4ea-451f02de0b81" ,
"indicator--5b63fc00-d590-4678-8fbb-4b0d02de0b81" ,
"indicator--5b63fc01-0e4c-459d-9aa5-4b2802de0b81" ,
"indicator--5b63fc01-36c8-42e1-b9bb-4f1d02de0b81" ,
"indicator--5b63fc02-c7c4-4406-acbd-424302de0b81" ,
"indicator--5b63fc02-3994-454f-91a3-471e02de0b81" ,
"indicator--5b63fc03-d9a4-487e-9f6a-434102de0b81" ,
"indicator--5b63fc03-23fc-4d52-ad37-4c3c02de0b81" ,
"indicator--5b63fc04-be90-4410-b7a9-4d2302de0b81" ,
"indicator--5b63fc04-ed58-450f-b839-41da02de0b81" ,
"indicator--5b63fc04-6064-4772-a747-462602de0b81" ,
"indicator--5b63fc05-d124-4f85-b57d-42eb02de0b81" ,
"indicator--5b63fc05-ed94-4549-adbc-45d502de0b81" ,
"indicator--5b63fc06-97d0-4776-947b-435202de0b81" ,
"indicator--5b63fc97-9664-44ad-b08f-449d02de0b81" ,
"indicator--5b63fc97-0a8c-495d-bacc-484d02de0b81" ,
"indicator--5b63fc98-824c-429d-acd0-463902de0b81" ,
"indicator--5b63fc98-1bb4-4b68-9353-4cd302de0b81" ,
"indicator--5b63fc99-34ac-43a7-83aa-40c202de0b81" ,
"indicator--5b63fc99-4c68-452a-a241-4e2602de0b81" ,
"indicator--5b63fc99-1b1c-4342-abd2-4ee502de0b81" ,
"indicator--5b63fc9a-cf44-4116-be6e-40ec02de0b81" ,
"indicator--5b63fc9a-922c-4066-9966-464b02de0b81" ,
"indicator--5b63fc9b-f500-4352-acb2-49f802de0b81" ,
"indicator--5b63fc9b-2dcc-4b46-92f2-456202de0b81" ,
"indicator--5b63fc9c-b8b0-4a56-ba31-4a0a02de0b81" ,
"indicator--5b63fd66-cdb8-4bc0-a818-470002de0b81" ,
"indicator--5b63fd67-eefc-4c2f-9ce5-49a102de0b81" ,
"indicator--5b63fd67-2da4-4702-9b89-4d4402de0b81" ,
"indicator--5b63fd67-b584-4a05-8b22-480702de0b81" ,
"indicator--5b63fd68-a048-457f-bd35-437202de0b81" ,
"indicator--5b63fd68-63cc-4a17-b1b6-403002de0b81" ,
"indicator--5b63fd69-6dc4-4a45-9a9c-4d4102de0b81" ,
"indicator--5b63fd69-3470-4837-89db-49bc02de0b81" ,
"indicator--5b63fd6a-0fbc-47b7-aad6-471102de0b81" ,
"indicator--5b63fd6a-b0c4-4cd1-9769-46ea02de0b81" ,
"indicator--5b63fd6a-9b48-4aa5-9970-4b8b02de0b81" ,
"observed-data--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"file--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"indicator--76d54bf8-8a5c-4d15-99a5-60099d75f33c" ,
"x-misp-object--85c6f32f-13fd-45fc-b553-04eea230334d" ,
"indicator--8fbcce78-3cbc-4071-b67d-dfe531d27c00" ,
"x-misp-object--19c2defe-70e2-4b45-9834-a0d0c63c4611" ,
"indicator--18222cee-2ac0-47a1-8791-6744df043aad" ,
"x-misp-object--89416cc5-db81-4f92-9523-398c9f71e800" ,
"indicator--0e9b4bd9-14db-4902-9991-a206bcacc6f1" ,
"x-misp-object--b0a6a50d-3304-4eaf-9802-eb197d2ad89d" ,
"indicator--d4cb5445-b513-432b-97e4-b95f612ab3d4" ,
"x-misp-object--2b6f9fe6-6e77-420e-ad70-57285e0091df" ,
"indicator--7c801ac7-ea1e-463d-91c4-d0cbd23b3109" ,
"x-misp-object--f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d" ,
"indicator--7afe7225-8811-485e-8937-ab7bad8e74f0" ,
"x-misp-object--7d927d9b-6bc5-4668-9595-b58885c9cc0b" ,
"indicator--294d1429-59cd-4ad7-95d9-fc5b3661475a" ,
"x-misp-object--240a9164-aac0-4a1d-9f8c-ac58688889dd" ,
"indicator--0bf17bb7-e694-4e30-ae93-44dad8b167dc" ,
"x-misp-object--f600d536-ac39-4588-9ff8-63621d6d372b" ,
"indicator--95ac7141-73a2-4887-a57b-703e4ae18c8f" ,
"x-misp-object--8afbb632-1a98-404c-bde5-89b01c882fda" ,
"indicator--1b004d6a-4eaa-4144-80db-7ddfed3e1672" ,
"x-misp-object--1f8e9d51-4bc9-466f-ad49-357294ada4d8" ,
"indicator--764f0fcd-1ab1-4784-8f89-476df01f9e82" ,
"x-misp-object--4d24cad3-2421-48ad-9b73-2624715cd5dd" ,
"indicator--d5094d86-5aa2-4930-be67-590b666faf24" ,
"x-misp-object--68f98b66-dfff-4879-a93e-23798294887a" ,
"indicator--52674802-1516-419a-bc3b-01dae5b5746f" ,
"x-misp-object--2b1648e9-577e-46f9-bdb3-f70186927dc3" ,
"indicator--096da749-1936-41dd-96f3-cbdd247f2548" ,
"x-misp-object--bee97d03-cf53-441d-b24e-be6fe5aff6fe" ,
"indicator--fe9ff2db-3990-4476-af1f-4ea5fd9455ec" ,
"x-misp-object--3a3d31fe-1599-4535-8de1-073d022ac421" ,
"indicator--2c0a000b-4cb5-444e-b6e8-f5ce047774bc" ,
"x-misp-object--6a699fff-9d42-4ebc-835c-7063f752908c" ,
"indicator--b41fba7b-7e99-46be-b244-3749274d6511" ,
"x-misp-object--2643e936-cbd4-4080-bf24-897926886b9c" ,
"indicator--4024aa3c-18df-4452-a3b9-9f3e62fa105c" ,
"x-misp-object--242889dc-9946-48f0-bb16-b6044a619b37" ,
"indicator--818160f4-21c2-45b6-be21-dd9eec574074" ,
"x-misp-object--250c1137-3bfa-446e-b1e3-9ac17421a058" ,
"indicator--1267f609-b45b-4b55-a0d1-ea1ae7db562d" ,
"x-misp-object--df4f13dc-e7db-4896-a560-3f428553d305" ,
"indicator--6745208f-c8c8-4274-b672-890fb2779a26" ,
"x-misp-object--5f713e33-c562-4370-87c0-17a7a79034be" ,
"indicator--7d5de9ae-0701-4641-b1dd-6db94f8b0ad6" ,
"x-misp-object--d9a9cd7a-cc40-41c7-ab06-8ca0b166726f" ,
2024-08-07 08:13:15 +00:00
"relationship--119f2a76-d43a-4a18-bad2-9b60a35bdbf3" ,
"relationship--58852f7a-4364-4562-96b7-f7d12dd03a97" ,
"relationship--63f344da-93e7-4349-a0b6-9b62d1a63936" ,
"relationship--fcdf7045-6063-40c5-b290-df3f992bf95e" ,
"relationship--7c572f60-8e76-4e4e-9871-db795105216e" ,
"relationship--03e9518b-d63a-4414-baaa-ecd66a3a7683" ,
"relationship--80726698-1170-4ddd-832a-0b1e043b881e" ,
"relationship--95c9ece5-fb00-457f-baa2-8483ce8515c7" ,
"relationship--ca56f12b-7a7b-4c8e-819c-c9d2bdd86084" ,
"relationship--bdd0aac3-300c-4db9-8a5e-3878ac64b520" ,
"relationship--45480b25-62ef-4033-8450-7c5b29dcd594" ,
"relationship--a6673616-5aa4-4e72-a8e5-ef6898fc493c" ,
"relationship--67881442-fe9d-409c-b6c7-e3a32e211dd4" ,
"relationship--b700b0e8-fd36-4934-8d3d-3355e3a39c96" ,
"relationship--bac7b5fd-1801-4d39-89d8-c92ff199de60" ,
"relationship--7ee12c78-a0ee-46ee-9675-7298def5cfed" ,
"relationship--91135903-f818-4ce5-b49e-8a1b7b4af543" ,
"relationship--b06cc5f7-a2f5-4b01-b75b-0f2c1dce1290" ,
"relationship--44a46da7-247e-415a-8a9c-64619a270e19" ,
"relationship--23046ab1-1306-4248-a361-a255f2b21407" ,
"relationship--1889e57f-2a63-435e-aa9d-9a5d1851c08f" ,
"relationship--0527993d-c18f-4bf5-8bf4-56839d319deb" ,
"relationship--35a81de7-b9f4-4d76-a581-8bc84876604c"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:rat=\"Babylon\"" ,
"misp-galaxy:botnet=\"BetaBot\"" ,
"misp-galaxy:stealer=\"AZORult\"" ,
"misp-galaxy:sector=\"Manufacturing\"" ,
"misp-galaxy:sector=\"Oil\"" ,
"misp-galaxy:sector=\"Energy\"" ,
"misp-galaxy:sector=\"Mining\"" ,
"misp-galaxy:sector=\"Construction\"" ,
"misp-galaxy:sector=\"Logistic\"" ,
"osint:source-type=\"blog-post\"" ,
"estimative-language:confidence-in-analytic-judgment=\"moderate\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b63f5ef-b2ac-46ba-a801-44ce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:27:59.000Z" ,
"modified" : "2018-08-03T06:27:59.000Z" ,
"first_observed" : "2018-08-03T06:27:59Z" ,
"last_observed" : "2018-08-03T06:27:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b63f5ef-b2ac-46ba-a801-44ce02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b63f5ef-b2ac-46ba-a801-44ce02de0b81" ,
"value" : "https://securelist.com/attacks-on-industrial-enterprises-using-rms-and-teamviewer/87104/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b63f608-97e4-4125-9e7b-457d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:28:24.000Z" ,
"modified" : "2018-08-03T06:28:24.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production.\r\n\r\nThe phishing emails are disguised as legitimate commercial offers and are sent mainly to industrial companies located in Russia. The content of each email reflects the activity of the organization under attack and the type of work performed by the employee to whom the email is sent.\r\n\r\nAccording to the data that we have collected, this series of attacks started in November 2017 and is currently in progress. Notably, the first similar attacks were recorded as far back as 2015.\r\n\r\nThe malware used in these attacks installs legitimate remote administration software \u00e2\u20ac\u201c TeamViewer or Remote Manipulator System/Remote Utilities (RMS). This enables the attackers to gain remote control of infected systems. The threat actor uses various techniques to mask the infection and the activity of malware installed in the system.\r\n\r\nAccording to the data available, the attackers\u00e2\u20ac\u2122 main goal is to steal money from victim organizations\u00e2\u20ac\u2122 accounts. When attackers connect to a victim\u00e2\u20ac\u2122s computer, they search for and analyze purchase documents, as well as the financial and accounting software used. After that, the attackers look for various ways in which they can commit financial fraud, such as spoofing the bank details used to make payments.\r\n\r\nIn cases where the cybercriminals need additional data or capabilities after infecting a system, such as privilege escalation and obtaining local administrator privileges, the theft of user authentication data for financial software and services, or Windows accounts for lateral movement, the attackers download an additional pack of malware to the system, which is specifically tailored to the attack on each individual victim. The malware pack can include spyware, additional remote administration utilities that extend the attackers\u00e2\u20ac\u2122 control on infected systems, malware for exploiting operating system and application software vulnerabilities, as well as the Mimikatz utility, which provides the attackers with Windows account data.\r\n\r\nApparently, among other methods, the attackers obtain the information they need to perpetrate their criminal activity by analyzing the correspondence of employees at the enterprises attacked. They may also use the information found in these emails to prepare new attacks \u00e2\u20ac\u201c against companies that partner with the current victim.\r\n\r\nClearly, on top of the financial losses, these attacks result in leaks of the victim organizations\u00e2\u20ac\u2122 sensitive data."
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b63f8c5-a258-4e3e-a5d7-46d602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:40:05.000Z" ,
"modified" : "2018-08-03T06:40:05.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan.BAT.Starter"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b63f8c5-6240-4b67-a5d9-4b2d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:40:05.000Z" ,
"modified" : "2018-08-03T06:40:05.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan.Win32.Dllhijack"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b63f8c5-322c-4d68-9493-44ce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:40:05.000Z" ,
"modified" : "2018-08-03T06:40:05.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Trojan.Win32.Waldek"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b63f8c5-be84-4d86-9781-45ef02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:40:05.000Z" ,
"modified" : "2018-08-03T06:40:05.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Backdoor.Win32.RA-based"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b63f8c5-818c-4271-a487-4e7b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:40:05.000Z" ,
"modified" : "2018-08-03T06:40:05.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Antivirus detection\""
] ,
"x_misp_category" : "Antivirus detection" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Backdoor.Win32.Agent"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fae7-0148-448a-bb4c-44f002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:49:11.000Z" ,
"modified" : "2018-08-03T06:49:11.000Z" ,
"pattern" : "[rule TeamViewer_msimg32_dllhijack {\r\nmeta:\r\ndescription = \"msimg32.dll malicious file used in TeamViewer\"\r\nhash = \"16b4ebfdf74db8f730f2fb4d03e86d27\"\r\nhash = \"8c4e9016b9b4db809dd312f971a275b\r\n1\"\r\nversion = \"1.1\" \r\nstrings:\r\n$a1=\"msimg32.dll\" fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand any of ($a*)\r\nand pe.exports(\"SvcMain\")\r\nand pe.number_of_exports >6\r\nand filesize > 50000 \r\nand filesize < 200000 \r\n}]" ,
"pattern_type" : "yara" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-08-03T06:49:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fb12-b55c-4d94-b9dd-4dc202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:49:54.000Z" ,
"modified" : "2018-08-03T06:49:54.000Z" ,
"pattern" : "[import \"pe\"\r\n\r\nrule RMS_winspooldrv_dllhijack {\r\nmeta:\r\ndescription = \"winspool.drv malicious file used in RMS RAT\"\r\nhash = \"5a6efa2921d3174bb9808fa3a3400d13\" \r\nhash\r\n= \"bb188e1e92e2be8a1ff009fe22f58f7f\" \r\nversion = \"1.1\" \r\nstrings:\r\n$a1= \"Password.rcfg\" fullword\r\n$a2 = \"Password.rcfg\" wide fullword\r\n$b1= \"winspool.drv\" fullword\r\n$b2= \"killrms\" wide fullword\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand\r\nany of ($a*)\r\nand all of ($b*)\r\nand filesize < 100000 \r\n}]" ,
"pattern_type" : "yara" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-08-03T06:49:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fb98-a0c0-42dd-910a-4ad602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:52:08.000Z" ,
"modified" : "2018-08-03T06:52:08.000Z" ,
"description" : "Email addresses to which the malware sends messages" ,
"pattern" : "[email-message:to_refs[*].value = 'barinovbb2018@yandex.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:52:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"email-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fb98-79a8-4232-9aed-470502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:52:08.000Z" ,
"modified" : "2018-08-03T06:52:08.000Z" ,
"description" : "Email addresses to which the malware sends messages" ,
"pattern" : "[email-message:to_refs[*].value = 'drozd04m@gmail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:52:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"email-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fb98-42f0-4c8a-956b-40f002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:52:08.000Z" ,
"modified" : "2018-08-03T06:52:08.000Z" ,
"description" : "Email addresses to which the malware sends messages" ,
"pattern" : "[email-message:to_refs[*].value = 'barinovbb@yandex.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:52:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"email-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fb98-23a8-48b4-b711-4e2802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:52:08.000Z" ,
"modified" : "2018-08-03T06:52:08.000Z" ,
"description" : "Email addresses to which the malware sends messages" ,
"pattern" : "[email-message:to_refs[*].value = 'barinovbb101@yandex.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:52:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"email-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fbff-76c4-4c00-a466-433802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:51.000Z" ,
"modified" : "2018-08-03T06:53:51.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'rosatomgov.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fbff-7078-4f05-a045-4d9502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:51.000Z" ,
"modified" : "2018-08-03T06:53:51.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.141.15']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc00-24f0-4eaa-a4ea-451f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:52.000Z" ,
"modified" : "2018-08-03T06:53:52.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'micorsoft.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc00-d590-4678-8fbb-4b0d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:52.000Z" ,
"modified" : "2018-08-03T06:53:52.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.198.93']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc01-0e4c-459d-9aa5-4b2802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:53.000Z" ,
"modified" : "2018-08-03T06:53:53.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'buhuchetooo.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc01-36c8-42e1-b9bb-4f1d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:53.000Z" ,
"modified" : "2018-08-03T06:53:53.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.51.247.125']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc02-c7c4-4406-acbd-424302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:54.000Z" ,
"modified" : "2018-08-03T06:53:54.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'barinovbb.had.su']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc02-3994-454f-91a3-471e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:54.000Z" ,
"modified" : "2018-08-03T06:53:54.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.51.247.169']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc03-d9a4-487e-9f6a-434102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:55.000Z" ,
"modified" : "2018-08-03T06:53:55.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'barinoh9.beget.tech']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc03-23fc-4d52-ad37-4c3c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:55.000Z" ,
"modified" : "2018-08-03T06:53:55.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.236.19.244']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc04-be90-4410-b7a9-4d2302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:56.000Z" ,
"modified" : "2018-08-03T06:53:56.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'papaninili.temp.swtest.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc04-ed58-450f-b839-41da02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:56.000Z" ,
"modified" : "2018-08-03T06:53:56.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.222.57.247']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc04-6064-4772-a747-462602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:56.000Z" ,
"modified" : "2018-08-03T06:53:56.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'mts2015stm.myjino.ru']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc05-d124-4f85-b57d-42eb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:57.000Z" ,
"modified" : "2018-08-03T06:53:57.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.135.151']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc05-ed94-4549-adbc-45d502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:57.000Z" ,
"modified" : "2018-08-03T06:53:57.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[domain-name:value = 'document-buh.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc06-97d0-4776-947b-435202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:53:58.000Z" ,
"modified" : "2018-08-03T06:53:58.000Z" ,
"description" : "The web resources listed below are not associated with any real - world organizations; the attackers chose some of the domain names to disguise their resources as the resources of well - known companies" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '191.101.245.101']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:53:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc97-9664-44ad-b08f-449d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:23.000Z" ,
"modified" : "2018-08-03T06:56:23.000Z" ,
"description" : "AzoRult" ,
"pattern" : "[file:hashes.MD5 = '3463d4a1dea003b9904674f21904f04b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc97-0a8c-495d-bacc-484d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:23.000Z" ,
"modified" : "2018-08-03T06:56:23.000Z" ,
"description" : "BabylonRAT" ,
"pattern" : "[file:hashes.MD5 = '075ff2fb2e33a319e56a8955fade154e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc98-824c-429d-acd0-463902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:24.000Z" ,
"modified" : "2018-08-03T06:56:24.000Z" ,
"description" : "BabylonRAT" ,
"pattern" : "[file:hashes.MD5 = 'aa6797ec4d23a39f91ddd222a31ddd1e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc98-1bb4-4b68-9353-4cd302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:24.000Z" ,
"modified" : "2018-08-03T06:56:24.000Z" ,
"description" : "Betabot" ,
"pattern" : "[file:hashes.MD5 = 'ba9747658aa8263b446bc29b99c0071f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc99-34ac-43a7-83aa-40c202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:25.000Z" ,
"modified" : "2018-08-03T06:56:25.000Z" ,
"description" : "AzoRult" ,
"pattern" : "[file:hashes.MD5 = '61aecb3e037e01bc0ad1062e6ff557e6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc99-4c68-452a-a241-4e2602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:25.000Z" ,
"modified" : "2018-08-03T06:56:25.000Z" ,
"description" : "AzoRult" ,
"pattern" : "[file:hashes.MD5 = '4fd16e0e8bf3ae4ff155e461b2eccb79']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc99-1b1c-4342-abd2-4ee502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:25.000Z" ,
"modified" : "2018-08-03T06:56:25.000Z" ,
"description" : "Betabot" ,
"pattern" : "[file:hashes.MD5 = 'db0954a2f9c95737d1e54a1f9cf01404']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc9a-cf44-4116-be6e-40ec02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:26.000Z" ,
"modified" : "2018-08-03T06:56:26.000Z" ,
"description" : "Delphi Keylogger" ,
"pattern" : "[file:hashes.MD5 = 'ccb184bbb7d257f02e2f69790d33f3b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc9a-922c-4066-9966-464b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:26.000Z" ,
"modified" : "2018-08-03T06:56:26.000Z" ,
"description" : "BabylonRAT" ,
"pattern" : "[file:hashes.MD5 = '5f19025a2ac2afeb331d4a0971507131']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc9b-f500-4352-acb2-49f802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:27.000Z" ,
"modified" : "2018-08-03T06:56:27.000Z" ,
"description" : "Betabot" ,
"pattern" : "[file:hashes.MD5 = '579a5233fe9580e83fb20c2addb1a303']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc9b-2dcc-4b46-92f2-456202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:27.000Z" ,
"modified" : "2018-08-03T06:56:27.000Z" ,
"description" : "Hallaj PRO Rat" ,
"pattern" : "[file:hashes.MD5 = '567157989551a5c6926c375eb0652804']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fc9c-b8b0-4a56-ba31-4a0a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:56:28.000Z" ,
"modified" : "2018-08-03T06:56:28.000Z" ,
"description" : "AzoRult" ,
"pattern" : "[file:hashes.MD5 = '5a610962baf6081eb809a9e460599871']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:56:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd66-cdb8-4bc0-a818-470002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:50.000Z" ,
"modified" : "2018-08-03T06:59:50.000Z" ,
"description" : "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153.exe" ,
"pattern" : "[file:hashes.MD5 = '34a1e9fcc84adc4ab2ec364845f64220']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd67-eefc-4c2f-9ce5-49a102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:51.000Z" ,
"modified" : "2018-08-03T06:59:51.000Z" ,
"description" : "\u00d0\u017e\u00d1\u201a\u00d1\u20ac\u00d0\u00b0\u00d1\u0081\u00d0\u00bb\u00d0\u00b5\u00d0\u00b2\u00d0\u00b0\u00d1\u008f \u00d0\u00bf\u00d1\u20ac\u00d0\u00be\u00d0\u00b3\u00d1\u20ac\u00d0\u00b0\u00d0\u00bc\u00d0\u00bc\u00d0\u00b0 \u00d0\u00b7\u00d0\u00b0\u00d0\u00ba\u00d1\u0192\u00d0\u00bf\u00d0\u00be\u00d0\u00ba \u00d0\u0178\u00d0\u0090\u00d0\u017e \u00d0\u00a0\u00d0\u017e\u00d0\u00a1\u00d0\u0090\u00d0\u00a2\u00d0\u017e\u00d0\u0153 (\u00d0\u00ba\u00d0\u00be\u00d0\u00b4 917815).rar" ,
"pattern" : "[file:hashes.MD5 = '59e172ec7d73a5c41d4dbb218ca1af66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd67-2da4-4702-9b89-4d4402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:51.000Z" ,
"modified" : "2018-08-03T06:59:51.000Z" ,
"description" : "OPLATA REESTR skrin dogovor.doc.com doc.pdf.oplat 27.12.2017.rar 1\u00d1\u0081 \u00d0\u00bf\u00d0\u00bf.pdf" ,
"pattern" : "[file:hashes.MD5 = 'ddcd67b7b83e73426b4d35881789e7dc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd67-b584-4a05-8b22-480702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:51.000Z" ,
"modified" : "2018-08-03T06:59:51.000Z" ,
"description" : "(No 444.pdf.com" ,
"pattern" : "[file:hashes.MD5 = '2374c93efbe32199b177eb12f96b6166']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd68-a048-457f-bd35-437202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:52.000Z" ,
"modified" : "2018-08-03T06:59:52.000Z" ,
"description" : "\u00d0\u00bd\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9 \u00d1\u201a\u00d0\u00b5\u00d0\u00ba\u00d1\u0081\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9.txt.com - oplata022018rm.rar" ,
"pattern" : "[file:hashes.MD5 = 'c531c45b08b692d84cf0699ef92f0134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd68-63cc-4a17-b1b6-403002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:52.000Z" ,
"modified" : "2018-08-03T06:59:52.000Z" ,
"description" : "oplata 1\u00d1\u0081_2 scan.pdf.com - reestr oplat 1c \u00d0\u00be\u00d1\u201a 01.12.2017.rar" ,
"pattern" : "[file:hashes.MD5 = 'e5562389a49680c25e67b750b2c368eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd69-6dc4-4a45-9a9c-4d4102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:53.000Z" ,
"modified" : "2018-08-03T06:59:53.000Z" ,
"description" : "1C tshetim.rar" ,
"pattern" : "[file:hashes.MD5 = '3a636038a3d893e441f25696bcbf2c73']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd69-3470-4837-89db-49bc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:53.000Z" ,
"modified" : "2018-08-03T06:59:53.000Z" ,
"description" : "1C kopiya No5.pdf.scr" ,
"pattern" : "[file:hashes.MD5 = 'f9b14393b995a655e72731c8b6ce78fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd6a-0fbc-47b7-aad6-471102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:54.000Z" ,
"modified" : "2018-08-03T06:59:54.000Z" ,
"description" : "WinRAR pp.rar" ,
"pattern" : "[file:hashes.MD5 = '6e10bc85be5d330e9aed5b5c87ccee38']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd6a-b0c4-4cd1-9769-46ea02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:54.000Z" ,
"modified" : "2018-08-03T06:59:54.000Z" ,
"description" : "kopiya WinRAR.docx.scr" ,
"pattern" : "[file:hashes.MD5 = 'f8ec2d059d937723becd92eae050a097']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b63fd6a-9b48-4aa5-9970-4b8b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T06:59:54.000Z" ,
"modified" : "2018-08-03T06:59:54.000Z" ,
"description" : "act sverki 09.10.2017 crbarin.pdf.com" ,
"pattern" : "[file:hashes.MD5 = '21089b34d8f9cb7910f521e30aa55908']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T06:59:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:02:18.000Z" ,
"modified" : "2018-08-03T07:02:18.000Z" ,
"first_observed" : "2018-08-03T07:02:18Z" ,
"last_observed" : "2018-08-03T07:02:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"name" : "TV_RMS_IoC_eng.pdf" ,
"content_ref" : "artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5b63fdfa-9d30-4d83-9783-40d402de0b81" ,
"payload_bin" : " J V B E R i 0 x L j U N C i W 1 t b W 1 D Q o x I D A g b 2 J q D Q o 8 P C 9 U e X B l L 0 N h d G F s b 2 c v U G F n Z X M g M i A w I F I v T G F u Z y h y d S 1 S V S k g P j 4 N C m V u Z G 9 i a g 0 K M i A w I G 9 i a g 0 K P D w v V H l w Z S 9 Q Y W d l c y 9 D b 3 V u d C A 1 L 0 t p Z H N b I D M g M C B S I D I z I D A g U i A y N S A w I F I g M j c g M C B S I D M z I D A g U l 0 g P j 4 N C m V u Z G 9 i a g 0 K M y A w I G 9 i a g 0 K P D w v V H l w Z S 9 Q Y W d l L 1 B h c m V u d C A y I D A g U i 9 S Z X N v d X J j Z X M 8 P C 9 G b 250 P D w v R j E g N S A w I F I v R j I g O S A w I F I v R j M g M T Q g M C B S L 0 Y 0 I D E 2 I D A g U i 9 G N S A x O C A w I F I + P i 9 F e H R H U 3 R h d G U 8 P C 9 H U z c g N y A w I F I v R 1 M 4 I D g g M C B S P j 4 v U H J v Y 1 N l d F s v U E R G L 1 R l e H Q v S W 1 h Z 2 V C L 0 l t Y W d l Q y 9 J b W F n Z U l d I D 4 + L 0 1 l Z G l h Q m 94 W y A w I D A g N T k 1 L j M y I D g 0 M S 45 M l 0 g L 0 N v b n R l b n R z I D Q g M C B S L 0 d y b 3 V w P D w v V H l w Z S 9 H c m 91 c C 9 T L 1 R y Y W 5 z c G F y Z W 5 j e S 9 D U y 9 E Z X Z p Y 2 V S R 0 I + P i 9 U Y W J z L 1 M + P g 0 K Z W 5 k b 2 J q D Q o 0 I D A g b 2 J q D Q o 8 P C 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v T G V u Z 3 R o I D U 2 M D I + P g 0 K c 3 R y Z W F t D Q p 4 n N 1 d W W 8 k N 5 J + b 6 D / Q 70 M o B p A O T y T m Y A h o F S S B r t z 2 T 0 N + M H e B 1 W V 1 B b c U m k k e W Z 6 f / 1 G 8 E p m J Y N 5 a J 7 W h k t 5 R A a D Q c Y X E b x 8 + f n j h z / c 8 J V Q q 8 / 3 H z / w F Y N / + U r W K 2 P q i s H T R y D 449 / N 6 s v r x w / w s l L C w K + U c v X y x b 5 q M q 8 + / f H j h 5 / O N s / P d 0 + H h 38 D w / X / r D 7 / 98 c P 11 D c p S 1 S n B b J t a p M W u p P 3 z F 2 K S 5 O P x z I y u u m M q r 35 d l p e Z H W q A H t f 4 G I + 9 u 348 v r 6 n i / 2 h 4 f n 1 + O a 3 X 2 + P C 6 P h d n d w Q n J V W l D F 3 q P z 5 + + C G I L F d c D N S r e a X d h 6 g 6 A R S s 4 j W 3 W u 0 / c c r M M 0 85 S l n V t R f l 5 o j C f z 3 c r c / 1 G d R s / w J V g h t 5 d o s / b + v G 3 R 3 w Z w V 3 O 7 z 4 t u b s b P W G l 7 / g z 114 + 7 g + r 92 X X / + 15 s p d v l C 6 E U x V 3 P Q F o n S j V p x b D Z 6 o h z e d e q x G r B J + t / l + f a 7 O v g e R r j Y o w + e 1 P t v 8 j p C j l Z U G 1 g m v n 85 + / p k i N p W q T 4 g / o T 6 O t 48 P o L y n L 1 S f k n U l x M R S u I I 2 b f r E f 8 W m + r z m 9 d m f 1 / X Z c X 8 L p X 2 F / z b P W M P n K 3 y N z 95 u K X 1 z W Y m 2 z 3 S 8 u z B Z s d A 6 y / S a c h j V a 0 o 8 S 6 + T S g l 6 T Y m d N t e c n w W N X t 2 + Q b 3 w z u u c Y N b q q t Z 9 Z q P 6 r B s D + P U O d a Y M x r S Z 0 s 5 R 5 q Q y v C 5 T W q q L B o U W 9 Z g y m g O R d a 0 r 2 c y A y L + s P b x 9 R V 3 s H 46 / I f q 9 r m 7 x z 9 v b 2 k P Y / h e 4 s o h m 8e0 J 7 t 5 e S Y + h G + w E i S y 5 S s A v K h g a B n R n z E q A M 1 M A b S 3 + v t x 9 / P D j 71 d P p 2 S N I 9 M D M h o Z u R K V x M / b q r X C g N J e 0 O e C 95 S r f / X B 8 g b U 8 e A b 6 g 7 b b v W 0 5 g 3 o A A D 80 T q A r h q D O i w R r o E P 6 o n C r Q a F / x A u R M v R f Q R V K l O 1 J q f K l K 6 h 6 G h x F X g p 3 U 4 U 9 y 9 o y m v B z v R A 7 v e K I X R l + D u 1 Z m k k M M K e y t D S I R p r 3 A 8 K c f / 78 d e u 7 d 1 r 3 / Y 9 A t G y q m 5 T B o z x U x K n C s / E q a J H o W V b c d V n o m a T + K o 4 j d s 3 n b 5 T U T s C F L V P E 4 p J a d Q J T W c S g l W N H j d r J K v L l q N z f Y B X + D H 0 g O Y 0 5 P m O i c s r J s X N x b n 4 D v 5 u m W T w n 8 B n 8 k L B I 15 f a P j D b u w d 29 o / i u M f B v d S b N x n o g F a F l h c S O S m L b H / 4 z 613 / D N x b l 2 j 7 i l 4 E x K 7 k X Y O F 7 w D G n F 5 c 1 F C 1 J u l J U U H l 0 0 c L t l 9 l Z s u X u 1 t c L a R 5 e b C 86 A k W 4 u z u E Z 59 d Y A b 6 t b Z l 4 S + D S B O 3 m L E w Y U 0 H z 5 / U 7 B Y h 8448 C k Z d v L g K I t o a k i Z J P o o 9 S + L N Z t 2 c c L 64 x p m n x C i F + u w U X 3 D g q c 7 a 5 w q v t m o e P L g U 8 v d 5 K + L g O R J F a B y Y 13 F h 6 p B Z 4 w U i g W 1 h N B c 3 Q U t 2 c b I b O 1 G U H W m j N J 7 h l C R L Y S k k S O J A 94 O o T R R i X K X S l N A l m y B 4 y 9 Q R y E j s t F c C p I 6 D B K a U h w U l D f K V i z C F F 1 b Q 6 h 0 4 p n U a 6 l s 2 B J 85 C N P z / H Z 4 C l T T X F q E s f y u f u u D S y j C A q B / m K j p r I q h o D X C g 24 G B W H v n Y J 0 G L x q 4 s F i g 4 e L n N W Y b F c S x L 7 c v R F C 3 W C b I T m p B S j W O n q F g Z 1 G 53 k k R T p U w 4 C e k a 5 I P J L Q Q 17 r R D N 0 p U I Q n k C A K 9 + g A E G k v p B s n U e 5 b S 6 C C v g 8 K v j n s 4 H Y H 5 C I 0 i k V U S I u 0 o 8 K P 76E9 E F Z r C k g X V 1 j V j U X S f I V H k B Q g R T Z F K H U U I 1 j a s S m B q W d V R t O U F Q W n X l d W 7 E R T i U Q J B X 5 + Q u T L 6 h G p U 6 L O W G p T 6 f F w L y W b E 5 A 4 M z d 1 V Z t B 6 / 3 t + z 9 j t r r 5 v E E n v / p 0 j Z m 3 d f h / D w M J n 3 B E 7 h X v f k W 7 f 3 n A D v q 0 s r 3 z C K + + H P H B P 4 H y + I I P K 6 Q 6 H P f Q X + 3 l / o j s H i m g W F g p w X X F W q p a E 3 B C G M y D f F / R b S W a P E w U 6 U Z R Q m u Q T w 7 k u 7 K j b N s r 1 J w N k y w Q X G I Y 5 a 4 a 0 J 7 F h W s D N i 1 D A G U B o I 60 N o S 6 s q Q + u G o C O P S g u 42 c r r Y k P C y s q G q g e w m q o m V 0 0E1 d t W 0 J H T x F G R 0 S N g V 0 C K y K 6 N B j R a K D 67 N 0 s J U Q k M F W j 4 Y O t k D a W i b Q I E U W G h I y P S A b g 4 Z 804 E J V + B X n g / Q b e 6 d x 4 e f I w 7 / P X 9 F 1 / O 2 E t i L s V t h M M B D P G / p 8 I L 1 O q I N G N a N d V Z k 2 L C w H j g p I + q F n R A a g p n Y C U 3 b n o 5 S e I q u E / Z o k j Z n J u 2 E P a q k 1 Z l J + 1 e / P C e R 0 0 K h f 3 U E d P 9 K a e j + 5 a 1 + r H 8 l Z F S 7 k K G 8 B h 5 m E D h A n H t 9 d X F u A + + r J D b f 2 F g c k v U a k v O m h Q R 9 c 2 H g U j R E n j 5 F t l y f a S A 2 F J R 0 Y 30 G l M t 1 E b g c x Q h w d W x y w J W 0 J N d j m O S 0 U O g z H Q H d Z 1 I a u s 8 w g z 53 N F x J y G a P T m k O r T K I / 5 M c 6 b K 2 e R H n c H 3 D X D + C v y a 5 z f Y h + 3 E c C g J N m C v L h B t N 9 a 8 J 9 c h i E l c W k 7 I 1 m R K h + H L H x o H K d O M R S l 4 + 4 T I T j 90 q j v K 0 M W O 5 x o G c y 2 t 8 K A P 0 c 5 f 9 + I j j k t s U x / O 4 t i E L j 9 k Q f t 7 a h A V J a z v a 5 O / o H G Z h X R V O x M 9 t i s 6 w h C y 6 B 0 c x 4 h 46 N j n 3 k A R h I h 0 P y v q Q l B X p Q 5 y m A h 7 o e i B Q R + D x I K E J J a U 0 6 o Q m G o j C C b f x 9 C U l m 40 H C j p r M 4 j z 0 X f U 3 o c 0 O O j D p N w y y b c O G 3 D U F 4 e K k n E h O 7 R i R 5 D w E / c p u 3 H D O v 5 T i w 4 I H O 3 G P o 8 j x e 0 G 3 y F q W N a A H A X U m F L b L G p o g / M Q + f p O Q A 0 F A U Y T e x A 0 o 6 y z q F G m G 0 U N h X H y 0 G t u t Q y R 4 F a B R d u c 5 J L B V R O t v I 0 I c G W f + 5 H g 7 Q 18 y Z z 1 e / x o P c x w l X x k b 2 N k 6 T M j A i 6 W V l I Z j b M 0 R C V H 8 A J s h r d F v H A U I 3 j R s S n h h W d V x o u U F Y U X v r / S 8 U N C Q M Y P P R o y f g i t M o Y X C d n s 4 Q 5 l o O n 0 o O m O P n O 5 D d l J M v / g v R d 2 y J d H 6 I s 2 j a F H O J e K x y U D V 0 T I V + 5 a q F 5 h S l G n p y h H n Q m b Q t T Z o 6 K i T q + E Q q / p C O h e k 9 L Q v Q b 7 O B / v N Q n Z f C 8 D 4 M s G + a O H e o w j 6 x v G m b j w 3 g A v j Z 8 j w F x G u 1 x G G j / j e H 1 t H Q y + 5 y 1 z T g V D T v i M 47 W p r b N R / 4 E g d U q 18 + 5 G V b o h K j 7 F 3 U A s 0 t Y p w r Z 5 d y M s Q U L X z I p S s X 5 s 6 A 9 x R F 27 e Q n v O G L c 2 k Q P Y l e g q B C Z 1 s H I W R x t F 5 E D 8 q t D w L r z 0 a t 2 + O C f i P i Z D G U 24 d M d 6 Y i W V l 8 Z g Y v s i O q P w A X Y l d Q l T + Q p y p 4 o Y V P w R I F V 0 R P 1 W J G e y H X l A q Z 0 B D S m p D Q 0 p v j e 22 G K y W K K b 73 O u O o 5 o C I N j l Q P Q a X Z 4 u o D u w I B 7 b 51 a a s F l m b r U M P h j s O B 2 k 5 p I n g o R 2 V j X N G N o y B S u H G U B u c g Q + i L Z H h 7 v X X h L l C b D l 7 C r c c q n z T H W / j I J C M 1 N z L 91 t a A C f x L w d I U z e U X d 9 W
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--76d54bf8-8a5c-4d15-99a5-60099d75f33c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:29.000Z" ,
"modified" : "2018-08-03T07:04:29.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f8ec2d059d937723becd92eae050a097' AND file:hashes.SHA1 = '3ac6e16b8c127575cfc73bc94e519fc3a58fa7b5' AND file:hashes.SHA256 = 'b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--85c6f32f-13fd-45fc-b553-04eea230334d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:28.000Z" ,
"modified" : "2018-08-03T07:04:28.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-16T08:12:04" ,
"category" : "Other" ,
"uuid" : "610f905b-3e22-476b-b85d-fa2950cd9e9f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b785a79bb13d88e0ba3b704d626d4ee66070ca4ddfab095315bc3d75e4783d72/analysis/1526458324/" ,
"category" : "External analysis" ,
"uuid" : "04078969-96c3-4849-b011-4443f045c926"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/66" ,
"category" : "Other" ,
"uuid" : "ffd3d4b5-ffc4-47f1-b6fb-29115afa07ae"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8fbcce78-3cbc-4071-b67d-dfe531d27c00" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:32.000Z" ,
"modified" : "2018-08-03T07:04:32.000Z" ,
"pattern" : "[file:hashes.MD5 = '6e10bc85be5d330e9aed5b5c87ccee38' AND file:hashes.SHA1 = '63d796f57f7e72ac85766034320ef01863f4a22e' AND file:hashes.SHA256 = '31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--19c2defe-70e2-4b45-9834-a0d0c63c4611" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:31.000Z" ,
"modified" : "2018-08-03T07:04:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-09T11:24:58" ,
"category" : "Other" ,
"uuid" : "c186b0ec-baf5-41f5-9fe1-abf706268da3"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/31553b0529512139e1cb22feb71885a6fb9b3dcc55418f874dd64162e5bb2557/analysis/1531135498/" ,
"category" : "External analysis" ,
"uuid" : "c8b29c08-2711-4f6c-bef9-e7e4d4c29548"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/61" ,
"category" : "Other" ,
"uuid" : "e873be03-a3dd-417a-8531-219d41271e1d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--18222cee-2ac0-47a1-8791-6744df043aad" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:35.000Z" ,
"modified" : "2018-08-03T07:04:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '3463d4a1dea003b9904674f21904f04b' AND file:hashes.SHA1 = 'ea09ca011157ff09743e07f2273291c91e81e925' AND file:hashes.SHA256 = 'd89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--89416cc5-db81-4f92-9523-398c9f71e800" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:33.000Z" ,
"modified" : "2018-08-03T07:04:33.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-28T21:30:50" ,
"category" : "Other" ,
"uuid" : "38fe2f48-7f55-46b6-8a8b-9be8a5c6ea62"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d89168411b7d7bfa9fb402978c553d88ff50bcbbbb10c06a15cbbe6b48ab852f/analysis/1532813450/" ,
"category" : "External analysis" ,
"uuid" : "ef4a3a56-dbdb-45f2-a922-fcf3954be4ce"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/68" ,
"category" : "Other" ,
"uuid" : "0434626c-bef4-45f0-97b3-921d7637fb62"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0e9b4bd9-14db-4902-9991-a206bcacc6f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:37.000Z" ,
"modified" : "2018-08-03T07:04:37.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ba9747658aa8263b446bc29b99c0071f' AND file:hashes.SHA1 = 'a67eeb92cee5691eb022b0583c33684f3a893e48' AND file:hashes.SHA256 = 'dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b0a6a50d-3304-4eaf-9802-eb197d2ad89d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:36.000Z" ,
"modified" : "2018-08-03T07:04:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-20T21:20:18" ,
"category" : "Other" ,
"uuid" : "2fdc44f1-fb8a-4844-9997-79a94b8e0b8b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/dbd77affbcef98e8814411a7fb713254f06c21fe5fe7697e75824c60a7ebcbcd/analysis/1532121618/" ,
"category" : "External analysis" ,
"uuid" : "e0252f8c-f6bf-4562-afdf-649685561b34"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/68" ,
"category" : "Other" ,
"uuid" : "4d5f0a98-9bed-4300-8c25-064eae706677"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d4cb5445-b513-432b-97e4-b95f612ab3d4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:40.000Z" ,
"modified" : "2018-08-03T07:04:40.000Z" ,
"pattern" : "[file:hashes.MD5 = '2374c93efbe32199b177eb12f96b6166' AND file:hashes.SHA1 = 'ca948caa972a756d57260a2bd3f0b3bc7c8cf5da' AND file:hashes.SHA256 = '50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2b6f9fe6-6e77-420e-ad70-57285e0091df" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:39.000Z" ,
"modified" : "2018-08-03T07:04:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-26T15:44:18" ,
"category" : "Other" ,
"uuid" : "c339bb60-e470-4bac-bd9d-27485a79a6c0"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/50833fa57ef4bbb0d8f516df8d7b8419df1d81bd1166f2c6846590d5f6c45c41/analysis/1516981458/" ,
"category" : "External analysis" ,
"uuid" : "d656dce0-c353-44d4-963d-c38b1d4ebd2d"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/65" ,
"category" : "Other" ,
"uuid" : "f77f523a-23dd-4882-bc54-3180141cca05"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7c801ac7-ea1e-463d-91c4-d0cbd23b3109" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:43.000Z" ,
"modified" : "2018-08-03T07:04:43.000Z" ,
"pattern" : "[file:hashes.MD5 = '579a5233fe9580e83fb20c2addb1a303' AND file:hashes.SHA1 = '713d542f516b7ec679f7d3a4090a7d9e07e137ef' AND file:hashes.SHA256 = '8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:42.000Z" ,
"modified" : "2018-08-03T07:04:42.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-18T02:11:25" ,
"category" : "Other" ,
"uuid" : "6ea8c0c4-cd43-48de-b920-40a6206e20a2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8250a6d411738754452284f21e7db1cb3228bcd128a7867023d19509aedbc18b/analysis/1510971085/" ,
"category" : "External analysis" ,
"uuid" : "734c6a95-e688-431b-b864-a2309cc8c1ea"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/67" ,
"category" : "Other" ,
"uuid" : "863452d8-d122-4270-aa19-d3cc9cc82be3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7afe7225-8811-485e-8937-ab7bad8e74f0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:46.000Z" ,
"modified" : "2018-08-03T07:04:46.000Z" ,
"pattern" : "[file:hashes.MD5 = '3a636038a3d893e441f25696bcbf2c73' AND file:hashes.SHA1 = 'b331c97c29abde694cde08850ec0dae039f2101b' AND file:hashes.SHA256 = '267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7d927d9b-6bc5-4668-9595-b58885c9cc0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:44.000Z" ,
"modified" : "2018-08-03T07:04:44.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-05-30T00:06:21" ,
"category" : "Other" ,
"uuid" : "f7afa361-998b-4276-9212-d7781cb0d73e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/267f7279400b61335e940b1312026dbd6e3cdc900efe0d8ba88ffd470030cfa2/analysis/1527638781/" ,
"category" : "External analysis" ,
"uuid" : "87df4eca-62ab-41ee-adbe-0d6c6e819db1"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/60" ,
"category" : "Other" ,
"uuid" : "e2d8429a-4bae-4223-96cc-02a05cf8d5e4"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--294d1429-59cd-4ad7-95d9-fc5b3661475a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:48.000Z" ,
"modified" : "2018-08-03T07:04:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '4fd16e0e8bf3ae4ff155e461b2eccb79' AND file:hashes.SHA1 = '19eae97bb8ceac18bb02bcd3450458ed0e59c406' AND file:hashes.SHA256 = '863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--240a9164-aac0-4a1d-9f8c-ac58688889dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:47.000Z" ,
"modified" : "2018-08-03T07:04:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-23T00:12:21" ,
"category" : "Other" ,
"uuid" : "5697742a-38ef-4e5f-8b5b-c4f1264b5c50"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/863ee32ff078261823874c12e38e8b76d0cd5bfc6d0edaad010db9d618136c4c/analysis/1532304741/" ,
"category" : "External analysis" ,
"uuid" : "31aab7a7-f01b-4d9a-b9dd-09c8c2e7b0b9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/68" ,
"category" : "Other" ,
"uuid" : "8a7c447f-f278-4541-bca7-37bef818c827"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0bf17bb7-e694-4e30-ae93-44dad8b167dc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:51.000Z" ,
"modified" : "2018-08-03T07:04:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '61aecb3e037e01bc0ad1062e6ff557e6' AND file:hashes.SHA1 = '9bbd38502f32dccf4ec8f5c6b0a52a96f2b7825b' AND file:hashes.SHA256 = 'ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f600d536-ac39-4588-9ff8-63621d6d372b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:50.000Z" ,
"modified" : "2018-08-03T07:04:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-17T07:51:06" ,
"category" : "Other" ,
"uuid" : "48756df7-573d-42ac-85cd-8fe3c5788ee6"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ec6c35822895fd3f431d4b56552fbcdfff6a336dfd8fb086688a50f354edab54/analysis/1510905066/" ,
"category" : "External analysis" ,
"uuid" : "282bfdc9-157e-4210-bb84-0a1777506956"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/61" ,
"category" : "Other" ,
"uuid" : "43993ef1-d625-4106-82d4-d6118f0c4cfd"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--95ac7141-73a2-4887-a57b-703e4ae18c8f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:54.000Z" ,
"modified" : "2018-08-03T07:04:54.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ddcd67b7b83e73426b4d35881789e7dc' AND file:hashes.SHA1 = 'bf3eac9a7808d3ee75e8018397cde1d8d6628b43' AND file:hashes.SHA256 = 'cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8afbb632-1a98-404c-bde5-89b01c882fda" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:53.000Z" ,
"modified" : "2018-08-03T07:04:53.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-08T11:15:14" ,
"category" : "Other" ,
"uuid" : "463f05bc-f341-41db-85db-1bb6014384bc"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cd6d64e96821f0d1e3e19e0da8403298e69dbcb5c0f44c83d04ca2d0e2ae80a1/analysis/1515410114/" ,
"category" : "External analysis" ,
"uuid" : "7a4b99ac-2a67-44e8-88a7-10beb23f0bb3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/66" ,
"category" : "Other" ,
"uuid" : "920a9729-3f24-4669-a705-32bb7a85aac1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1b004d6a-4eaa-4144-80db-7ddfed3e1672" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:58.000Z" ,
"modified" : "2018-08-03T07:04:58.000Z" ,
"pattern" : "[file:hashes.MD5 = 'db0954a2f9c95737d1e54a1f9cf01404' AND file:hashes.SHA1 = '4533f0c5b799f92fcecda88bf2c94b16eb554878' AND file:hashes.SHA256 = 'dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:04:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1f8e9d51-4bc9-466f-ad49-357294ada4d8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:56.000Z" ,
"modified" : "2018-08-03T07:04:56.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-14T18:51:32" ,
"category" : "Other" ,
"uuid" : "00e0002d-aad3-4985-8589-b123f93e726d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/dfb34ac6b3a5242a7c35e074bd1348e24f4e31b58bd6e901a639838524d0760b/analysis/1510685492/" ,
"category" : "External analysis" ,
"uuid" : "ae882f60-63c1-4df4-bd99-5b54ba427c6a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "35/60" ,
"category" : "Other" ,
"uuid" : "b29f8bde-8a2d-4d09-9b0c-c270df68e58f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--764f0fcd-1ab1-4784-8f89-476df01f9e82" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:00.000Z" ,
"modified" : "2018-08-03T07:05:00.000Z" ,
"pattern" : "[file:hashes.MD5 = '075ff2fb2e33a319e56a8955fade154e' AND file:hashes.SHA1 = 'ec11b96059609d9e253b5ec977a2bc358f82db44' AND file:hashes.SHA256 = '1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4d24cad3-2421-48ad-9b73-2624715cd5dd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:04:59.000Z" ,
"modified" : "2018-08-03T07:04:59.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-21T09:17:59" ,
"category" : "Other" ,
"uuid" : "9f65d903-d08d-4947-9754-6f9a1c667fd4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1de36f02cfb965b411465afe6299d4e6696a3bdc8b4f41417847da1ee7edc52e/analysis/1511255879/" ,
"category" : "External analysis" ,
"uuid" : "0089de46-5fe9-4655-9b15-ccc24ce0d162"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/68" ,
"category" : "Other" ,
"uuid" : "0a1f957d-dbb3-4f70-bfa6-3bdce0a9309a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d5094d86-5aa2-4930-be67-590b666faf24" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:03.000Z" ,
"modified" : "2018-08-03T07:05:03.000Z" ,
"pattern" : "[file:hashes.MD5 = '567157989551a5c6926c375eb0652804' AND file:hashes.SHA1 = 'e9d03f2e60ba16636291bf1e75ed088caf9c0e23' AND file:hashes.SHA256 = 'c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--68f98b66-dfff-4879-a93e-23798294887a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:04.000Z" ,
"modified" : "2018-08-03T07:05:04.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-22T16:30:27" ,
"category" : "Other" ,
"uuid" : "ef1c04a8-d4b6-4ea6-b2ea-52902c39abee"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c3fd90b9152952b04e9b991710f31e235f41027c32fcc90a1809bd80e1326d46/analysis/1532277027/" ,
"category" : "External analysis" ,
"uuid" : "211bf203-36e3-42c8-9ff8-3f8c7de10da2"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "59/68" ,
"category" : "Other" ,
"uuid" : "1e55e3b2-8535-47ce-83e0-db826ea05c79"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--52674802-1516-419a-bc3b-01dae5b5746f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:08.000Z" ,
"modified" : "2018-08-03T07:05:08.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aa6797ec4d23a39f91ddd222a31ddd1e' AND file:hashes.SHA1 = '3d38d65a1306d9d85514585c8b01f347c1067a79' AND file:hashes.SHA256 = '7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2b1648e9-577e-46f9-bdb3-f70186927dc3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:06.000Z" ,
"modified" : "2018-08-03T07:05:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-06-23T06:30:59" ,
"category" : "Other" ,
"uuid" : "eb279efe-855d-4375-87c6-b02ad41efcd1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7cf208b9fdfe820f9d9224f42183d5d62fd3c6a2a3662931cb399f55eed5a699/analysis/1529735459/" ,
"category" : "External analysis" ,
"uuid" : "6f700c7e-96f3-41e7-8a0f-24053157b240"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "54/68" ,
"category" : "Other" ,
"uuid" : "53125897-66d9-42fd-bf74-3885aaed354f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--096da749-1936-41dd-96f3-cbdd247f2548" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:11.000Z" ,
"modified" : "2018-08-03T07:05:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '21089b34d8f9cb7910f521e30aa55908' AND file:hashes.SHA1 = '5e0d7f6a8f88decf4ed2107adeeb0f2d805dbc6d' AND file:hashes.SHA256 = 'a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bee97d03-cf53-441d-b24e-be6fe5aff6fe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:09.000Z" ,
"modified" : "2018-08-03T07:05:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-31T06:44:56" ,
"category" : "Other" ,
"uuid" : "1a37dc13-68a5-419e-8593-c80aad983a0f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a60254d5a636021fdd9d71a88c10d8cca7889f96acf80cd81098b0015c96a79a/analysis/1517381096/" ,
"category" : "External analysis" ,
"uuid" : "dbdf7ee7-d96e-43df-99ec-f1a7d56df6c4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/66" ,
"category" : "Other" ,
"uuid" : "0e6c3ab0-31fe-4ac6-861a-86117f7610eb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fe9ff2db-3990-4476-af1f-4ea5fd9455ec" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:14.000Z" ,
"modified" : "2018-08-03T07:05:14.000Z" ,
"pattern" : "[file:hashes.MD5 = '59e172ec7d73a5c41d4dbb218ca1af66' AND file:hashes.SHA1 = 'f116b6360951036814e9ce2a35fcdf467307d2c6' AND file:hashes.SHA256 = '21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3a3d31fe-1599-4535-8de1-073d022ac421" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:13.000Z" ,
"modified" : "2018-08-03T07:05:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-01T11:55:50" ,
"category" : "Other" ,
"uuid" : "730fa964-2173-4469-80e6-038e28bd3b6f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/21fa492145115aef1fb2fc686ad09e5769b6730764eea1d9a90c1ca64ac8f5a0/analysis/1533124550/" ,
"category" : "External analysis" ,
"uuid" : "434cb613-2d0b-4e78-ad7d-15cf7bc2c0b9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/59" ,
"category" : "Other" ,
"uuid" : "9ae1bfb8-ee0a-42a2-b254-cd8d65cee0b6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2c0a000b-4cb5-444e-b6e8-f5ce047774bc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:17.000Z" ,
"modified" : "2018-08-03T07:05:17.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c531c45b08b692d84cf0699ef92f0134' AND file:hashes.SHA1 = 'fc1ee56c51e8367e07c7d382b2251f460292b3cf' AND file:hashes.SHA256 = '3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6a699fff-9d42-4ebc-835c-7063f752908c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:16.000Z" ,
"modified" : "2018-08-03T07:05:16.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-01T07:21:24" ,
"category" : "Other" ,
"uuid" : "62d26141-e9b0-4349-a720-5ed0d4d7e834"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3998b264f947f3e70986c831a1f776790f96b0d8c72685a9ca3c6dea6f14bf6e/analysis/1519888884/" ,
"category" : "External analysis" ,
"uuid" : "786c71b7-e87c-44d1-97e0-932131116732"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "11/68" ,
"category" : "Other" ,
"uuid" : "aded9a20-962a-4e46-a2c5-c26f10d0334d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b41fba7b-7e99-46be-b244-3749274d6511" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:20.000Z" ,
"modified" : "2018-08-03T07:05:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '34a1e9fcc84adc4ab2ec364845f64220' AND file:hashes.SHA1 = '7ef53e5a9a67e7f932ad53bf3a85c2ae91026f34' AND file:hashes.SHA256 = '65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2643e936-cbd4-4080-bf24-897926886b9c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:19.000Z" ,
"modified" : "2018-08-03T07:05:19.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-01T11:55:11" ,
"category" : "Other" ,
"uuid" : "d6cc19a3-2f99-4d78-8fe2-7bf2bcfb4d90"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/65e062b0ad6af49772988645f07d9bf890ed1310cf76630e6536762943115529/analysis/1533124511/" ,
"category" : "External analysis" ,
"uuid" : "08b25fe3-52e6-4aa1-a598-efb51d3856be"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/66" ,
"category" : "Other" ,
"uuid" : "76b329b7-f2f5-472a-b3aa-39a5e8896201"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4024aa3c-18df-4452-a3b9-9f3e62fa105c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:23.000Z" ,
"modified" : "2018-08-03T07:05:23.000Z" ,
"pattern" : "[file:hashes.MD5 = '5f19025a2ac2afeb331d4a0971507131' AND file:hashes.SHA1 = '1b58d0832448414d830bfb065b9f020d3c5fe64b' AND file:hashes.SHA256 = 'b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--242889dc-9946-48f0-bb16-b6044a619b37" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:21.000Z" ,
"modified" : "2018-08-03T07:05:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-23T22:35:44" ,
"category" : "Other" ,
"uuid" : "bc6de473-2ba3-4e5c-81f2-9b43c4129c97"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b2ebda9b727b66fc5538b90745328a5b4fb26135e7254e2c0ddcc2d3b43d1882/analysis/1532385344/" ,
"category" : "External analysis" ,
"uuid" : "fd14bb8e-738c-47f7-a804-16e0358c56e6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/68" ,
"category" : "Other" ,
"uuid" : "1f4d5c0d-7cf0-45a5-b727-e53dad1d2436"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--818160f4-21c2-45b6-be21-dd9eec574074" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:25.000Z" ,
"modified" : "2018-08-03T07:05:25.000Z" ,
"pattern" : "[file:hashes.MD5 = '5a610962baf6081eb809a9e460599871' AND file:hashes.SHA1 = '6290a0dca10e063fc8913cfccc7057356e082e3b' AND file:hashes.SHA256 = 'bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--250c1137-3bfa-446e-b1e3-9ac17421a058" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:24.000Z" ,
"modified" : "2018-08-03T07:05:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-25T17:57:11" ,
"category" : "Other" ,
"uuid" : "0f7f6908-09c7-4a86-b090-1fbf58b67e96"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/bc598b8327d9bbffdf96e2f972f2be0794e4e994771c6b0c84d9326921604db7/analysis/1532541431/" ,
"category" : "External analysis" ,
"uuid" : "46ad717a-4b50-42b1-bedd-6cdd7e03a1e8"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/68" ,
"category" : "Other" ,
"uuid" : "cd23483c-b1f7-4346-a0da-5544b45f3f8e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1267f609-b45b-4b55-a0d1-ea1ae7db562d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:28.000Z" ,
"modified" : "2018-08-03T07:05:28.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ccb184bbb7d257f02e2f69790d33f3b6' AND file:hashes.SHA1 = '69b016cdcbbdbee85333fe04d2d81f8c1bc76f11' AND file:hashes.SHA256 = 'e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--df4f13dc-e7db-4896-a560-3f428553d305" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:27.000Z" ,
"modified" : "2018-08-03T07:05:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-02T20:47:19" ,
"category" : "Other" ,
"uuid" : "6497fe78-a309-4e69-9687-96c6c24db053"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e93cc654eb2b17bbd4b760e27d45fc0078c0a8f9b7be6b7a2c11cc78114f31aa/analysis/1533242839/" ,
"category" : "External analysis" ,
"uuid" : "8fd07da2-cc82-42ed-9fa4-a9ce5dad548e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/67" ,
"category" : "Other" ,
"uuid" : "d358f6e8-44d6-4401-839b-d5f52d134dcc"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6745208f-c8c8-4274-b672-890fb2779a26" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:31.000Z" ,
"modified" : "2018-08-03T07:05:31.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e5562389a49680c25e67b750b2c368eb' AND file:hashes.SHA1 = '962574ed4d0aaa3479d24d44dcf77ea4ed558bb9' AND file:hashes.SHA256 = '32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5f713e33-c562-4370-87c0-17a7a79034be" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:29.000Z" ,
"modified" : "2018-08-03T07:05:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-08T11:14:25" ,
"category" : "Other" ,
"uuid" : "f53903a9-0918-41d3-9e5f-c001c2fa17d4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/32275a574511f28ebe2efebb9f9830f30219ca42f438428da04243ccbe76d477/analysis/1515410065/" ,
"category" : "External analysis" ,
"uuid" : "a1fc6f3d-377c-4ed9-bcad-5cbcbebd14f4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "28/67" ,
"category" : "Other" ,
"uuid" : "9ce6141a-8d24-4744-923b-38704f43271b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7d5de9ae-0701-4641-b1dd-6db94f8b0ad6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f9b14393b995a655e72731c8b6ce78fd' AND file:hashes.SHA1 = 'fa9ab8fe04781041f49597c218324f358fc8d661' AND file:hashes.SHA256 = 'b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-03T07:05:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d9a9cd7a-cc40-41c7-ab06-8ca0b166726f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-03T07:05:32.000Z" ,
"modified" : "2018-08-03T07:05:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-22T02:30:18" ,
"category" : "Other" ,
"uuid" : "ed7c1a62-02d3-41ff-a561-8a97c33a37ad"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b82535078c14e1ce98a2e2461af8fb378e56bb2625056fe1dd5a316b3f0365f8/analysis/1521685818/" ,
"category" : "External analysis" ,
"uuid" : "af4be266-5fb0-4cb9-88db-918da4d6e9bf"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "9/62" ,
"category" : "Other" ,
"uuid" : "a54ba07e-36cd-4fbd-9ec5-9d613d889d00"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--119f2a76-d43a-4a18-bad2-9b60a35bdbf3" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:33.000Z" ,
"modified" : "2018-08-03T07:05:33.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--76d54bf8-8a5c-4d15-99a5-60099d75f33c" ,
"target_ref" : "x-misp-object--85c6f32f-13fd-45fc-b553-04eea230334d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--58852f7a-4364-4562-96b7-f7d12dd03a97" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:33.000Z" ,
"modified" : "2018-08-03T07:05:33.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8fbcce78-3cbc-4071-b67d-dfe531d27c00" ,
"target_ref" : "x-misp-object--19c2defe-70e2-4b45-9834-a0d0c63c4611"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--63f344da-93e7-4349-a0b6-9b62d1a63936" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--18222cee-2ac0-47a1-8791-6744df043aad" ,
"target_ref" : "x-misp-object--89416cc5-db81-4f92-9523-398c9f71e800"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--fcdf7045-6063-40c5-b290-df3f992bf95e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0e9b4bd9-14db-4902-9991-a206bcacc6f1" ,
"target_ref" : "x-misp-object--b0a6a50d-3304-4eaf-9802-eb197d2ad89d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--7c572f60-8e76-4e4e-9871-db795105216e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d4cb5445-b513-432b-97e4-b95f612ab3d4" ,
"target_ref" : "x-misp-object--2b6f9fe6-6e77-420e-ad70-57285e0091df"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--03e9518b-d63a-4414-baaa-ecd66a3a7683" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7c801ac7-ea1e-463d-91c4-d0cbd23b3109" ,
"target_ref" : "x-misp-object--f3f2eb44-2a5c-4d1c-b9bd-1edfe18dfc2d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--80726698-1170-4ddd-832a-0b1e043b881e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7afe7225-8811-485e-8937-ab7bad8e74f0" ,
"target_ref" : "x-misp-object--7d927d9b-6bc5-4668-9595-b58885c9cc0b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--95c9ece5-fb00-457f-baa2-8483ce8515c7" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--294d1429-59cd-4ad7-95d9-fc5b3661475a" ,
"target_ref" : "x-misp-object--240a9164-aac0-4a1d-9f8c-ac58688889dd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--ca56f12b-7a7b-4c8e-819c-c9d2bdd86084" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0bf17bb7-e694-4e30-ae93-44dad8b167dc" ,
"target_ref" : "x-misp-object--f600d536-ac39-4588-9ff8-63621d6d372b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--bdd0aac3-300c-4db9-8a5e-3878ac64b520" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--95ac7141-73a2-4887-a57b-703e4ae18c8f" ,
"target_ref" : "x-misp-object--8afbb632-1a98-404c-bde5-89b01c882fda"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--45480b25-62ef-4033-8450-7c5b29dcd594" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1b004d6a-4eaa-4144-80db-7ddfed3e1672" ,
"target_ref" : "x-misp-object--1f8e9d51-4bc9-466f-ad49-357294ada4d8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--a6673616-5aa4-4e72-a8e5-ef6898fc493c" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--764f0fcd-1ab1-4784-8f89-476df01f9e82" ,
"target_ref" : "x-misp-object--4d24cad3-2421-48ad-9b73-2624715cd5dd"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--67881442-fe9d-409c-b6c7-e3a32e211dd4" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d5094d86-5aa2-4930-be67-590b666faf24" ,
"target_ref" : "x-misp-object--68f98b66-dfff-4879-a93e-23798294887a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--b700b0e8-fd36-4934-8d3d-3355e3a39c96" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--52674802-1516-419a-bc3b-01dae5b5746f" ,
"target_ref" : "x-misp-object--2b1648e9-577e-46f9-bdb3-f70186927dc3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--bac7b5fd-1801-4d39-89d8-c92ff199de60" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--096da749-1936-41dd-96f3-cbdd247f2548" ,
"target_ref" : "x-misp-object--bee97d03-cf53-441d-b24e-be6fe5aff6fe"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--7ee12c78-a0ee-46ee-9675-7298def5cfed" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fe9ff2db-3990-4476-af1f-4ea5fd9455ec" ,
"target_ref" : "x-misp-object--3a3d31fe-1599-4535-8de1-073d022ac421"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--91135903-f818-4ce5-b49e-8a1b7b4af543" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2c0a000b-4cb5-444e-b6e8-f5ce047774bc" ,
"target_ref" : "x-misp-object--6a699fff-9d42-4ebc-835c-7063f752908c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--b06cc5f7-a2f5-4b01-b75b-0f2c1dce1290" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b41fba7b-7e99-46be-b244-3749274d6511" ,
"target_ref" : "x-misp-object--2643e936-cbd4-4080-bf24-897926886b9c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--44a46da7-247e-415a-8a9c-64619a270e19" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4024aa3c-18df-4452-a3b9-9f3e62fa105c" ,
"target_ref" : "x-misp-object--242889dc-9946-48f0-bb16-b6044a619b37"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--23046ab1-1306-4248-a361-a255f2b21407" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:34.000Z" ,
"modified" : "2018-08-03T07:05:34.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--818160f4-21c2-45b6-be21-dd9eec574074" ,
"target_ref" : "x-misp-object--250c1137-3bfa-446e-b1e3-9ac17421a058"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--1889e57f-2a63-435e-aa9d-9a5d1851c08f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:35.000Z" ,
"modified" : "2018-08-03T07:05:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1267f609-b45b-4b55-a0d1-ea1ae7db562d" ,
"target_ref" : "x-misp-object--df4f13dc-e7db-4896-a560-3f428553d305"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--0527993d-c18f-4bf5-8bf4-56839d319deb" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:35.000Z" ,
"modified" : "2018-08-03T07:05:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6745208f-c8c8-4274-b672-890fb2779a26" ,
"target_ref" : "x-misp-object--5f713e33-c562-4370-87c0-17a7a79034be"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--35a81de7-b9f4-4d76-a581-8bc84876604c" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-03T07:05:35.000Z" ,
"modified" : "2018-08-03T07:05:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7d5de9ae-0701-4641-b1dd-6db94f8b0ad6" ,
"target_ref" : "x-misp-object--d9a9cd7a-cc40-41c7-ab06-8ca0b166726f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}