2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5b6d858f-6cb0-4a06-b826-57f5950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:20:28.000Z" ,
"modified" : "2018-10-03T11:20:28.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b6d858f-6cb0-4a06-b826-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:20:28.000Z" ,
"modified" : "2018-10-03T11:20:28.000Z" ,
"name" : "OSINT - Skygofree: Following in the footsteps of HackingTeam" ,
"published" : "2018-10-03T11:22:15Z" ,
"object_refs" : [
"observed-data--5b6d869f-b8cc-460b-99fa-a199950d210f" ,
"url--5b6d869f-b8cc-460b-99fa-a199950d210f" ,
"x-misp-attribute--5b6d8769-acd4-435a-a6d6-7e1e950d210f" ,
"observed-data--5b6d8809-0244-4327-9791-7cfd950d210f" ,
"url--5b6d8809-0244-4327-9791-7cfd950d210f" ,
"indicator--5b6d8916-d718-4b4a-8a41-57f5950d210f" ,
"indicator--5b6d8917-bcbc-4524-b1bc-57f5950d210f" ,
"indicator--5b6d8917-1438-4e0f-8fd5-57f5950d210f" ,
"indicator--5b6d8918-3c0c-4fca-a73b-57f5950d210f" ,
"indicator--5b6d8918-9248-4584-902d-57f5950d210f" ,
"indicator--5b6d8919-3f18-4f18-9ba5-57f5950d210f" ,
"indicator--5b6d8919-a254-4b06-b0ab-57f5950d210f" ,
"indicator--5b6d891a-f264-4f58-bab4-57f5950d210f" ,
"indicator--5b6d891a-c58c-46e2-8cc5-57f5950d210f" ,
"indicator--5b6d891a-3414-4db2-bca9-57f5950d210f" ,
"indicator--5b6d891b-ad98-4150-85ad-57f5950d210f" ,
"indicator--5b6d891c-2734-4ee8-9fc0-57f5950d210f" ,
"indicator--5b6d891e-fdc4-42d3-ba1a-57f5950d210f" ,
"indicator--5b6d891f-558c-4449-864e-57f5950d210f" ,
"indicator--5b6d8920-9a20-4b37-9365-57f5950d210f" ,
"indicator--5b6d8921-5af0-41ca-b69f-57f5950d210f" ,
"indicator--5b6d8923-6370-4714-ba67-57f5950d210f" ,
"indicator--5b6d8924-b234-44da-a068-57f5950d210f" ,
"indicator--5b6d8925-2c00-4026-82e3-57f5950d210f" ,
"indicator--5b6d8d91-1b94-4522-8633-cbfc950d210f" ,
"indicator--5b6d90f1-3bf4-4746-a265-4d62950d210f" ,
"indicator--5b6d9fab-3cf0-4839-8421-cc8c950d210f" ,
"indicator--5b6da192-aa4c-4141-9993-b712950d210f" ,
"indicator--5b6da23b-5980-40d9-b40e-fc18950d210f" ,
"indicator--5b6da2c9-e668-4985-a4c1-a1dd950d210f" ,
"indicator--5b6da343-5348-45c3-88f4-4756950d210f" ,
"indicator--5b6da485-3f88-4f5a-90e6-4750950d210f" ,
"indicator--5b6da4fd-d71c-4b44-883c-b711950d210f" ,
"indicator--5b6da52c-53d8-4052-832e-7cfd950d210f" ,
"indicator--5b6da574-aeb4-4d95-af75-7d0f950d210f" ,
"indicator--5b6da5a9-55e4-4e73-b66d-e737950d210f" ,
"indicator--5b6da5da-1b0c-41b0-b0d9-a198950d210f" ,
"indicator--5b6da61e-8dd4-4656-ba3b-cbf1950d210f" ,
"indicator--5b7e9771-afcc-4953-9591-a3d0950d210f" ,
"indicator--5b7ea118-b9ec-4598-b96a-49b7950d210f" ,
"indicator--5b7ea243-31a0-4e2b-bb58-4fbe950d210f" ,
"indicator--5b8d3a80-f2b8-475d-8b6d-4d87950d210f" ,
"indicator--5b8d3a82-73ec-481e-b96e-4136950d210f" ,
"indicator--5b8d3a86-ad44-4523-8f8a-49a7950d210f" ,
"indicator--5b8d3a8a-a3cc-42f1-8c76-4b5a950d210f" ,
"indicator--5b8d3a8f-57dc-43f8-87db-466b950d210f" ,
"indicator--5b8d3a93-9ca4-4dee-8a6d-4b53950d210f" ,
"indicator--5b8d3a98-2cf4-4a25-a3a9-4d8d950d210f" ,
"indicator--5b8d3a9c-86d4-4eab-afab-46a4950d210f" ,
"indicator--5b8d3aa0-c450-4c78-a711-4162950d210f" ,
"indicator--5b8d3aa5-59f8-40ba-bcfd-461a950d210f" ,
"indicator--5b8d3aa9-402c-476e-8a8f-41b7950d210f" ,
"indicator--5b8d3aad-c6b0-4bf4-b585-46e3950d210f" ,
"indicator--5b8d3ab2-e240-442e-b612-4ac6950d210f" ,
"indicator--5b8d3ab6-a73c-4f1d-982c-4590950d210f" ,
"indicator--5b8d3aba-54d0-4e0a-8721-42ce950d210f" ,
"observed-data--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"network-traffic--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"observed-data--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"network-traffic--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"observed-data--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"network-traffic--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"observed-data--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"network-traffic--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"observed-data--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"network-traffic--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"observed-data--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"network-traffic--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"observed-data--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"network-traffic--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"observed-data--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"network-traffic--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"observed-data--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"network-traffic--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"indicator--5b6d8b20-12a8-4910-aeae-57f5950d210f" ,
"indicator--5b6d8bac-aa38-4fd7-b277-7d0f950d210f" ,
"indicator--5b6d8c99-441c-4305-9431-4a6f950d210f" ,
"observed-data--5b6d908d-7b7c-48a2-9f5d-cc41950d210f" ,
"file--5b6d908d-7b7c-48a2-9f5d-cc41950d210f" ,
"directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f" ,
"indicator--5b6d923b-1720-4be7-a432-cc41950d210f" ,
"indicator--5b6d92d3-3150-429c-8aaa-b711950d210f" ,
"indicator--5b6d9322-cf1c-4259-bed4-a179950d210f" ,
"indicator--5b6d9345-e134-4ff7-ae7d-cd92950d210f" ,
"indicator--5b6d93f0-8528-4aa3-b1ea-4666950d210f" ,
"indicator--5b6d942f-1c14-47ff-92c6-cc71950d210f" ,
"indicator--5b6d9459-7168-46b5-b31c-cc71950d210f" ,
"indicator--5b6d9480-6300-4946-a56c-cc54950d210f" ,
"indicator--5b6d94ae-15c4-4c52-a4b0-a1de950d210f" ,
"indicator--5b6d94fd-4258-4009-9aaf-cc71950d210f" ,
"indicator--5b6d952c-48a4-4f24-8b5f-7cfd950d210f" ,
"indicator--5b6d956a-4d40-426d-baaa-a197950d210f" ,
"indicator--5b6d9595-20e0-4fe6-add9-cc54950d210f" ,
"indicator--5b6d9b83-f57c-49d1-8d6e-cc8c950d210f" ,
"indicator--5b6d9c4f-7290-45f0-ac9e-cbf1950d210f" ,
"indicator--5b6d9d0f-9fbc-47c4-b8ef-fc06950d210f" ,
"indicator--5b6d9d6d-1848-48ca-8d1c-cd99950d210f" ,
"indicator--5b6d9e03-619c-4049-9557-7cfd950d210f" ,
"indicator--5b6d9e59-14a8-4925-a9c1-cc8c950d210f" ,
"indicator--5b6d9e85-048c-4c1a-ace7-fc06950d210f" ,
"indicator--5b6d9eae-1e14-48eb-95ae-e737950d210f" ,
"indicator--5b6d9ed4-4744-46d8-bf6b-cd92950d210f" ,
"indicator--5b6d9ef9-33e0-49f8-afc4-a1dd950d210f" ,
"indicator--5b6d9f15-302c-4528-b5b7-e737950d210f" ,
"observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"file--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"directory--5b7e9b99-3d00-433e-b666-441e950d210f" ,
"observed-data--5b6da202-2654-49e0-93dd-a1dd950d210f" ,
"file--5b6da202-2654-49e0-93dd-a1dd950d210f" ,
"observed-data--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f" ,
"file--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f" ,
"directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f" ,
"observed-data--5b6da326-0c08-44a0-90be-fc18950d210f" ,
"file--5b6da326-0c08-44a0-90be-fc18950d210f" ,
"directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f" ,
"vulnerability--5b7141f1-ca14-400c-879d-8bd7950d210f" ,
"indicator--5b7ea077-cfbc-4059-9ac0-4554950d210f" ,
"vulnerability--5b8d2e5e-fd90-47bd-941d-4e98950d210f" ,
"vulnerability--5b8d306d-ed34-4a9c-9350-49ca950d210f" ,
"vulnerability--5b8d34d9-a7ac-407e-8faf-4357950d210f" ,
"vulnerability--5b8d38fc-abb0-4860-8182-73ee950d210f" ,
"indicator--ef468365-addd-40d5-a24d-543722f12e93" ,
"x-misp-object--68dc24db-7625-4d35-b6d3-c6fb1283bf18" ,
"indicator--6ccf462a-1c20-452a-be71-cfe9936ed3ba" ,
"x-misp-object--d2f2004d-2309-4a22-99cd-031a09bde2f1" ,
"indicator--7d3abf61-6c8e-47c1-93eb-d9f5103a9d5e" ,
"x-misp-object--b822f813-8192-409c-8ccc-27c368ce781a" ,
"indicator--cacbd9c4-03d0-435d-ad3c-a31a568e8d8e" ,
"x-misp-object--60d09241-1457-4f27-8c62-a010c19eeb21" ,
"indicator--93f7c2d4-3eda-4a19-aba6-b3bdb34be6c6" ,
"x-misp-object--fa8c321e-5cde-45bb-a01c-7e2a2a09b969" ,
"indicator--6bf27c78-9d3b-4926-9c37-ec97cf90fee5" ,
"x-misp-object--22999236-217f-4117-ae67-135d962de74e" ,
"indicator--a4995eaf-38d1-4aed-a189-061d8ad9eb5b" ,
"x-misp-object--28a0ab9f-4372-42ba-bea6-9a437f2c55e6" ,
"indicator--19019d95-d653-45c4-a76a-e1d0514ea188" ,
"x-misp-object--a6f536ba-7227-4404-a445-3859005c2d85" ,
"indicator--dddd50b2-9d97-476a-864e-021d7986d6fb" ,
"x-misp-object--497f5b93-ac74-4869-b34e-e18258a06405" ,
"indicator--f43d2055-c298-4014-b16c-cb31bb84171b" ,
"x-misp-object--f9620a5e-f529-47ca-b57b-52959ee91051" ,
"indicator--aa457e4c-9f49-4f78-84ec-5d60a7c157a2" ,
"x-misp-object--8af76320-edcc-4b95-bdbd-bf638bd1e369" ,
"indicator--790fef27-93cc-4a9f-803a-b320db0dee95" ,
"x-misp-object--f234144d-1765-4cf4-b8ad-6d6f1a2b6472" ,
"indicator--6ff856c9-fa6e-454c-ba8c-0fc21d5cc864" ,
"x-misp-object--41755892-e078-4a46-87e8-1f5e2677e25c" ,
"indicator--09391239-3536-4168-8f87-72ae9d533bef" ,
"x-misp-object--d85d218a-03c1-40d8-9b3f-b88bb3f6e132" ,
"indicator--bd4d9903-64a2-48b5-9aca-8daaf2bcc0ee" ,
"x-misp-object--57bf09f8-10dd-40e1-b635-be7748f76773" ,
"indicator--1e7e2181-e880-4274-9ddf-f8daa44549c7" ,
"x-misp-object--084b441e-ce8b-4086-ad6c-0ef1e2b2c78b" ,
"indicator--43892c3f-9a1b-466c-9bee-8e397cfe7d99" ,
"x-misp-object--d57f6827-03ab-40da-9465-a87640bda410" ,
2024-08-07 08:13:15 +00:00
"relationship--a97497b8-7a83-4a47-a5e8-e4eff10d1e7a" ,
"relationship--5bd58753-f32d-4252-a2af-c3ec89c13add" ,
"relationship--7e6f345c-fe5a-4592-a548-65062c1877b9" ,
"relationship--80f29524-944c-4a23-95ba-cd5717d8b25d" ,
"relationship--acc4351d-b80e-4d1a-871a-f8bf46b5d43f" ,
"relationship--f2a95e94-0190-49d3-93c1-a0e6f5227a77" ,
"relationship--22521344-bb3a-45b0-b53d-0ddb465300bf" ,
"relationship--12b7af8b-34ec-4d11-aa66-a45a835380f5" ,
"relationship--a81b4b36-ee65-4f97-9144-e495c9101a5a" ,
"relationship--c2190276-b5c2-4a60-8584-75363511be51" ,
"relationship--40a87a6b-db91-4520-8e8f-c133ffacaf6e" ,
"relationship--8dd7f160-5ae3-4698-bb0b-ca659a6a03a3" ,
"relationship--9aa80da9-b1f0-4130-aff4-76f8b25b5ae0" ,
"relationship--382cd718-fe8f-4e31-a5fc-f8bf4600b123" ,
"relationship--3be94ff5-92d1-493a-9b3b-327875409c17" ,
"relationship--19b86e35-4e49-4b44-be00-6cf45c7d9768" ,
"relationship--af26ba1f-943c-4726-a8fb-6b7d8af73c43" ,
"relationship--5ebf4fa1-ca09-4070-b91d-66162de0469d" ,
"relationship--822bb641-ac05-476a-9d71-1899a61bd4cd" ,
"relationship--6911bfbc-e02e-4849-9274-25699dfcd560" ,
"relationship--430ebdb0-51d7-49cf-a098-309ab774063b" ,
"relationship--7d8f6d90-b6ba-436f-8c18-f37991ac9a56" ,
"relationship--cfb48e7b-f238-46cc-9482-6e38b1d9d0a5" ,
"relationship--3495e346-8dcf-4156-9608-4c18d962ae9f"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:android=\"Skygofree\"" ,
"Android Malware" ,
"ms-caro-malware:malware-platform=\"AndroidOS\"" ,
"ms-caro-malware-full:malware-platform=\"AndroidOS\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6d869f-b8cc-460b-99fa-a199950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:39:40.000Z" ,
"modified" : "2018-08-10T12:39:40.000Z" ,
"first_observed" : "2018-08-10T12:39:40Z" ,
"last_observed" : "2018-08-10T12:39:40Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b6d869f-b8cc-460b-99fa-a199950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b6d869f-b8cc-460b-99fa-a199950d210f" ,
"value" : "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b6d8769-acd4-435a-a6d6-7e1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:39:56.000Z" ,
"modified" : "2018-08-10T12:39:56.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago \u00e2\u20ac\u201c at the end of 2014. Since then, the implant\u00e2\u20ac\u2122s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to Wi-Fi networks controlled by cybercriminals.\r\nWe observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy.\r\nMoreover, as we dived deeper into the investigation, we discovered several spyware tools for Windows that form an implant for exfiltrating sensitive data on a targeted machine. The version we found was built at the beginning of 2017, and at the moment we are not sure whether this implant has been used in the wild.We named the malware Skygofree, because we found the word in one of the domains*"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6d8809-0244-4327-9791-7cfd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:42:12.000Z" ,
"modified" : "2018-08-10T12:42:12.000Z" ,
"first_observed" : "2018-08-10T12:42:12Z" ,
"last_observed" : "2018-08-10T12:42:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b6d8809-0244-4327-9791-7cfd950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"technical-report\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b6d8809-0244-4327-9791-7cfd950d210f" ,
"value" : "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07164028/Skygofree_appendix_eng.pdf"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8916-d718-4b4a-8a41-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:14.000Z" ,
"modified" : "2018-08-10T12:46:14.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = '119.network']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8917-bcbc-4524-b1bc-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:15.000Z" ,
"modified" : "2018-08-10T12:46:15.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = '119.business']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8917-1438-4e0f-8fd5-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:15.000Z" ,
"modified" : "2018-08-10T12:46:15.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'timbox.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8918-3c0c-4fca-a73b-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:16.000Z" ,
"modified" : "2018-08-10T12:46:16.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'vodafoneinfinity.sytes.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8918-9248-4584-902d-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:16.000Z" ,
"modified" : "2018-08-10T12:46:16.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'vodafone.press']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8919-3f18-4f18-9ba5-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:17.000Z" ,
"modified" : "2018-08-10T12:46:17.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'voda.mobi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8919-a254-4b06-b0ab-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:17.000Z" ,
"modified" : "2018-08-10T12:46:17.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = '190.network']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891a-f264-4f58-bab4-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:18.000Z" ,
"modified" : "2018-08-10T12:46:18.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'tre.support']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891a-c58c-46e2-8cc5-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:18.000Z" ,
"modified" : "2018-08-10T12:46:18.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = '3g.mobi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891a-3414-4db2-bca9-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:18.000Z" ,
"modified" : "2018-08-10T12:46:18.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'h3g.co']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891b-ad98-4150-85ad-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:19.000Z" ,
"modified" : "2018-08-10T12:46:19.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'h3g.info']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891c-2734-4ee8-9fc0-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:20.000Z" ,
"modified" : "2018-08-10T12:46:20.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = '155wind.mobi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891e-fdc4-42d3-ba1a-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:22.000Z" ,
"modified" : "2018-08-10T12:46:22.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'wind.support']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d891f-558c-4449-864e-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:23.000Z" ,
"modified" : "2018-08-10T12:46:23.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'windupdate.serveftp.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8920-9a20-4b37-9365-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:24.000Z" ,
"modified" : "2018-08-10T12:46:24.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'skygofree.sytes.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8921-5af0-41ca-b69f-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:25.000Z" ,
"modified" : "2018-08-10T12:46:25.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'digimobil.mobi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8923-6370-4714-ba67-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:27.000Z" ,
"modified" : "2018-08-10T12:46:27.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'kenamobile.mobi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8924-b234-44da-a068-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:28.000Z" ,
"modified" : "2018-08-10T12:46:28.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'lycamobile.mobi']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8925-2c00-4026-82e3-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:46:29.000Z" ,
"modified" : "2018-08-10T12:46:29.000Z" ,
"description" : "Domains related to distribution campaign" ,
"pattern" : "[domain-name:value = 'postemobile.help']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:46:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8d91-1b94-4522-8633-cbfc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:05:21.000Z" ,
"modified" : "2018-08-10T13:05:21.000Z" ,
"description" : "Platform Android, Comment and Control Server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.194.13.133']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:05:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d90f1-3bf4-4746-a265-4d62950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:14:23.000Z" ,
"modified" : "2018-10-03T11:14:23.000Z" ,
"pattern" : "[mutex:name = 'mutex_var_AU']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-03T11:14:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9fab-3cf0-4839-8421-cc8c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:14:23.000Z" ,
"modified" : "2018-10-03T11:14:23.000Z" ,
"pattern" : "[mutex:name = 'mutex_var_K']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-03T11:14:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da192-aa4c-4141-9993-b712950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:14:23.000Z" ,
"modified" : "2018-10-03T11:14:23.000Z" ,
"pattern" : "[mutex:name = 'mutex_var_xboz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-03T11:14:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da23b-5980-40d9-b40e-fc18950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:14:23.000Z" ,
"modified" : "2018-10-03T11:14:23.000Z" ,
"pattern" : "[mutex:name = 'mutex_var_SE']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-03T11:14:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da2c9-e668-4985-a4c1-a1dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:14:23.000Z" ,
"modified" : "2018-10-03T11:14:23.000Z" ,
"pattern" : "[mutex:name = 'mutex_var_scren']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-03T11:14:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da343-5348-45c3-88f4-4756950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:14:23.000Z" ,
"modified" : "2018-10-03T11:14:23.000Z" ,
"pattern" : "[mutex:name = 'mutex_var_Re_v_5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-03T11:14:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da485-3f88-4f5a-90e6-4750950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:44:11.000Z" ,
"modified" : "2018-08-10T14:44:11.000Z" ,
"description" : "Platform Android, Comment and Control Server" ,
"pattern" : "[domain-name:value = 'url.plus']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:44:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da4fd-d71c-4b44-883c-b711950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:45:17.000Z" ,
"modified" : "2018-08-10T14:45:17.000Z" ,
"description" : "Platform Android, Comment and Control Server" ,
"pattern" : "[domain-name:value = 'negg.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:45:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da52c-53d8-4052-832e-7cfd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:46:35.000Z" ,
"modified" : "2018-08-10T14:46:35.000Z" ,
"description" : "Platform Android, Comment and Control Server" ,
"pattern" : "[domain-name:value = 'negg1.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:46:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da574-aeb4-4d95-af75-7d0f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:47:16.000Z" ,
"modified" : "2018-08-10T14:47:16.000Z" ,
"description" : "Platform Android, Comment and Control Server" ,
"pattern" : "[domain-name:value = 'negg2.ddns.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:47:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da5a9-55e4-4e73-b66d-e737950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:48:09.000Z" ,
"modified" : "2018-08-10T14:48:09.000Z" ,
"description" : "Platform Android, Comment and Control Server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.3.197.89']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:48:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da5da-1b0c-41b0-b0d9-a198950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:48:58.000Z" ,
"modified" : "2018-08-10T14:48:58.000Z" ,
"description" : "Platforms Android and Windows, Comment and Control Server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.67.109.199']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:48:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6da61e-8dd4-4656-ba3b-cbf1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:50:06.000Z" ,
"modified" : "2018-08-10T14:50:06.000Z" ,
"description" : "Platform Windows, Comment and Control Server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.21.172.8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:50:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b7e9771-afcc-4953-9591-a3d0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:16:01.000Z" ,
"modified" : "2018-08-23T11:16:01.000Z" ,
"description" : "Address to download the parser payload" ,
"pattern" : "[url:value = 'http://url.plus/Updates/tt/parser.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-23T11:16:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b7ea118-b9ec-4598-b96a-49b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:57:44.000Z" ,
"modified" : "2018-08-23T11:57:44.000Z" ,
"description" : "After launch of skype_sync2.exe it downloads a codec for MP3 encoding directly from this address." ,
"pattern" : "[url:value = 'http://54.67.109.199/skype_resource/libmp3lame.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-23T11:57:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b7ea243-31a0-4e2b-bb58-4fbe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T12:03:08.000Z" ,
"modified" : "2018-08-23T12:03:08.000Z" ,
"description" : "The skype_sync2.exe module has the following PDB string:" ,
"pattern" : "[file:name = '\\\\\\\\vmware-host\\\\Shared Folders\\\\dati\\\\Backup\\\\Projects\\\\REcodin_2\\\\REcodin_2\\\\obj\\\\x86\\\\Release\\\\REcodin_2.pdb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-23T12:03:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a80-f2b8-475d-8b6d-4d87950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:28.000Z" ,
"modified" : "2018-09-03T13:43:28.000Z" ,
"pattern" : "[url:value = 'http://217.194.13.133/tre/internet/Configuratore_3.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a82-73ec-481e-b96e-4136950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:30.000Z" ,
"modified" : "2018-09-03T13:43:30.000Z" ,
"pattern" : "[url:value = 'http://217.194.13.133/tre/internet/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a86-ad44-4523-8f8a-49a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:34.000Z" ,
"modified" : "2018-09-03T13:43:34.000Z" ,
"pattern" : "[url:value = 'http://217.194.13.133/appPro_AC.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a8a-a3cc-42f1-8c76-4b5a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:38.000Z" ,
"modified" : "2018-09-03T13:43:38.000Z" ,
"pattern" : "[url:value = 'http://217.194.13.133/190/configurazione/vodafone/smartphone/VODAFONE\\\\%20Configuratore\\\\%20v5_4_2.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a8f-57dc-43f8-87db-466b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:43.000Z" ,
"modified" : "2018-09-03T13:43:43.000Z" ,
"pattern" : "[url:value = 'http://217.194.13.133/190/configurazione/vodafone/smartphone/index.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a93-9ca4-4dee-8a6d-4b53950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:47.000Z" ,
"modified" : "2018-09-03T13:43:47.000Z" ,
"pattern" : "[url:value = 'http://217.194.13.133/190/configurazione/vodafone/smartphone/Vodafone\\\\%20Configuratore.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a98-2cf4-4a25-a3a9-4d8d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:52.000Z" ,
"modified" : "2018-09-03T13:43:52.000Z" ,
"pattern" : "[url:value = 'http://vodafoneinfinity.sytes.net/tim/internet/Configuratore_TIM.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3a9c-86d4-4eab-afab-46a4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:43:56.000Z" ,
"modified" : "2018-09-03T13:43:56.000Z" ,
"pattern" : "[url:value = 'http://vodafoneinfinity.sytes.net/tim/internet/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:43:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3aa0-c450-4c78-a711-4162950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:00.000Z" ,
"modified" : "2018-09-03T13:44:00.000Z" ,
"pattern" : "[url:value = 'http://vodafoneinfinity.sytes.net/190/configurazione/vodafone/smartphone/VODAFONE\\\\%20Configuratore\\\\%20v5_4_2.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3aa5-59f8-40ba-bcfd-461a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:05.000Z" ,
"modified" : "2018-09-03T13:44:05.000Z" ,
"pattern" : "[url:value = 'http://vodafoneinfinity.sytes.net/190/configurazione/vodafone/smartphone/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3aa9-402c-476e-8a8f-41b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:09.000Z" ,
"modified" : "2018-09-03T13:44:09.000Z" ,
"pattern" : "[url:value = 'http://windupdate.serveftp.com/wind/LTE/WIND\\\\%20Configuratore\\\\%20v5_4_2.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3aad-c6b0-4bf4-b585-46e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:13.000Z" ,
"modified" : "2018-09-03T13:44:13.000Z" ,
"pattern" : "[url:value = 'http://windupdate.serveftp.com/wind/LTE/']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3ab2-e240-442e-b612-4ac6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:18.000Z" ,
"modified" : "2018-09-03T13:44:18.000Z" ,
"pattern" : "[url:value = 'http://119.network/lte/Internet-TIM-4G-LTE.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3ab6-a73c-4f1d-982c-4590950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:22.000Z" ,
"modified" : "2018-09-03T13:44:22.000Z" ,
"pattern" : "[url:value = 'http://119.network/lte/download.html']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b8d3aba-54d0-4e0a-8721-42ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:44:26.000Z" ,
"modified" : "2018-09-03T13:44:26.000Z" ,
"pattern" : "[url:value = 'http://119.network/lte/Configuratore_TIM.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-03T13:44:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:14.000Z" ,
"modified" : "2018-10-03T11:15:14.000Z" ,
"first_observed" : "2018-10-03T11:15:14Z" ,
"last_observed" : "2018-10-03T11:15:14Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4c2-13a4-458d-b7a8-45ffe387cbd9" ,
"value" : "52.88.53.237"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:16.000Z" ,
"modified" : "2018-10-03T11:15:16.000Z" ,
"first_observed" : "2018-10-03T11:15:16Z" ,
"last_observed" : "2018-10-03T11:15:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4c4-0e38-4d3e-94b5-4f8fe387cbd9" ,
"value" : "184.168.221.13"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:17.000Z" ,
"modified" : "2018-10-03T11:15:17.000Z" ,
"first_observed" : "2018-10-03T11:15:17Z" ,
"last_observed" : "2018-10-03T11:15:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4c5-0a94-411e-9ae8-4f03e387cbd9" ,
"value" : "184.168.221.21"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:21.000Z" ,
"modified" : "2018-10-03T11:15:21.000Z" ,
"first_observed" : "2018-10-03T11:15:21Z" ,
"last_observed" : "2018-10-03T11:15:21Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4c9-5554-4bab-9ae0-4fbbe387cbd9" ,
"value" : "184.168.221.12"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:22.000Z" ,
"modified" : "2018-10-03T11:15:22.000Z" ,
"first_observed" : "2018-10-03T11:15:22Z" ,
"last_observed" : "2018-10-03T11:15:22Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4ca-fe88-4bac-b21e-4a3ee387cbd9" ,
"value" : "208.109.232.108"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:23.000Z" ,
"modified" : "2018-10-03T11:15:23.000Z" ,
"first_observed" : "2018-10-03T11:15:23Z" ,
"last_observed" : "2018-10-03T11:15:23Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4cb-d184-49ea-a5c8-42fae387cbd9" ,
"value" : "184.168.221.61"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:23.000Z" ,
"modified" : "2018-10-03T11:15:23.000Z" ,
"first_observed" : "2018-10-03T11:15:23Z" ,
"last_observed" : "2018-10-03T11:15:23Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4cb-ceb0-47d2-a406-4886e387cbd9" ,
"value" : "50.63.202.56"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:24.000Z" ,
"modified" : "2018-10-03T11:15:24.000Z" ,
"first_observed" : "2018-10-03T11:15:24Z" ,
"last_observed" : "2018-10-03T11:15:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4cc-c0d0-453d-ab9e-4ccde387cbd9" ,
"value" : "184.168.221.23"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:15:25.000Z" ,
"modified" : "2018-10-03T11:15:25.000Z" ,
"first_observed" : "2018-10-03T11:15:25Z" ,
"last_observed" : "2018-10-03T11:15:25Z" ,
"number_observed" : 1 ,
"object_refs" : [
"network-traffic--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9"
] ,
"labels" : [
"misp:type=\"ip-src\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "network-traffic" ,
"spec_version" : "2.1" ,
"id" : "network-traffic--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"src_ref" : "ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"protocols" : [
"tcp"
]
} ,
{
"type" : "ipv4-addr" ,
"spec_version" : "2.1" ,
"id" : "ipv4-addr--5bb4a4cd-13f8-45ed-81a5-4fcee387cbd9" ,
"value" : "144.217.82.94"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8b20-12a8-4910-aeae-57f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:54:56.000Z" ,
"modified" : "2018-08-10T12:54:56.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '0bc28ac5f2cadd524e7f443e06ad2a2b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:54:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8bac-aa38-4fd7-b277-7d0f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T12:57:16.000Z" ,
"modified" : "2018-08-10T12:57:16.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '39fca709b416d8da592de3a3f714dce8' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T12:57:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d8c99-441c-4305-9431-4a6f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:01:13.000Z" ,
"modified" : "2018-08-10T13:01:13.000Z" ,
"description" : "Android payload" ,
"pattern" : "[file:hashes.MD5 = '6964866106c0a353a7b91b580933c5d6' AND file:name = 'update_reb.zip' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:01:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6d908d-7b7c-48a2-9f5d-cc41950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:32:29.000Z" ,
"modified" : "2018-08-23T11:32:29.000Z" ,
"first_observed" : "2018-08-23T11:32:29Z" ,
"last_observed" : "2018-08-23T11:32:29Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6d908d-7b7c-48a2-9f5d-cc41950d210f" ,
"directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6d908d-7b7c-48a2-9f5d-cc41950d210f" ,
"name" : "system.exe" ,
"parent_directory_ref" : "directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f" ,
"x_misp_state" : "Malicious"
} ,
{
"type" : "directory" ,
"spec_version" : "2.1" ,
"id" : "directory--5b7e9b4a-76d0-4f5e-9f37-fc04950d210f" ,
"path" : "%APPDATA%/myupd/aud/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d923b-1720-4be7-a432-cc41950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:25:15.000Z" ,
"modified" : "2018-08-10T13:25:15.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '70a937b2504b3ad6c623581424c7e53d' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:25:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d92d3-3150-429c-8aaa-b711950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:27:47.000Z" ,
"modified" : "2018-08-10T13:27:47.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'c091489a82263899d02b363b289a37f6' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:27:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9322-cf1c-4259-bed4-a179950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:29:06.000Z" ,
"modified" : "2018-08-10T13:29:06.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e12b9af5df1c638ef5a099961ffbe344' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:29:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9345-e134-4ff7-ae7d-cd92950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:29:41.000Z" ,
"modified" : "2018-08-10T13:29:41.000Z" ,
"pattern" : "[file:hashes.MD5 = '708445b8d358c254e861effffd4f819b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:29:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d93f0-8528-4aa3-b1ea-4666950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:32:32.000Z" ,
"modified" : "2018-08-10T13:32:32.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '3f0e8a3ad9fab04377b8e9a57a26f972' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:32:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d942f-1c14-47ff-92c6-cc71950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:33:35.000Z" ,
"modified" : "2018-08-10T13:33:35.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'd574d0049f797611589803643a8aa3c3' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:33:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9459-7168-46b5-b31c-cc71950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:34:17.000Z" ,
"modified" : "2018-08-10T13:34:17.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '6414f4bfbdd08d70c40b107e86276dbb' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:34:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9480-6300-4946-a56c-cc54950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:34:56.000Z" ,
"modified" : "2018-08-10T13:34:56.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '90f26adb324a8b36d2cafdd755aa1e61' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:34:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d94ae-15c4-4c52-a4b0-a1de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:35:42.000Z" ,
"modified" : "2018-08-10T13:35:42.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'a2a8e8ac6f5fa5801395252e11afb356' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:35:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d94fd-4258-4009-9aaf-cc71950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:37:01.000Z" ,
"modified" : "2018-08-10T13:37:01.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'ce241b48377ca216d8f2017991c1cef0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:37:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d952c-48a4-4f24-8b5f-7cfd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:37:48.000Z" ,
"modified" : "2018-08-10T13:37:48.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '0be2b5394dafb76efc54bd6113ac8689' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:37:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d956a-4d40-426d-baaa-a197950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:38:50.000Z" ,
"modified" : "2018-08-10T13:38:50.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'd99a3c4348c88cdfa59e90d1b3b94fc3' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:38:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9595-20e0-4fe6-add9-cc54950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T13:39:33.000Z" ,
"modified" : "2018-08-10T13:39:33.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'a287a434a0d40833d3ebf5808950b858' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T13:39:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9b83-f57c-49d1-8d6e-cc8c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:08:42.000Z" ,
"modified" : "2018-08-10T14:08:42.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '7e6cb66a3623258444639d1fc2fd533f' AND file:name = 'update_set.zip' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:08:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9c4f-7290-45f0-ac9e-cbf1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:08:15.000Z" ,
"modified" : "2018-08-10T14:08:15.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'd9c7349e807e0f12eaa67b2de522954f' AND file:name = 'update_set.zip' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:08:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9d0f-9fbc-47c4-b8ef-fc06950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:11:27.000Z" ,
"modified" : "2018-08-10T14:11:27.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '2c21f61a8df19d07fd0f42b631151517' AND file:name = 'update_dev.zip' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:11:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9d6d-1848-48ca-8d1c-cd99950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:13:01.000Z" ,
"modified" : "2018-08-10T14:13:01.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = '4f76bdfc40529984bf8e8a05d665cef8' AND file:name = 'parser.apk' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:13:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9e03-619c-4049-9557-7cfd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:15:31.000Z" ,
"modified" : "2018-08-10T14:15:31.000Z" ,
"description" : "Android" ,
"pattern" : "[file:hashes.MD5 = 'e2d6f1263000086e3146d5b5a3b78038' AND file:name = 'startup.arm64-v8a.zip' AND file:name = 'startup.armeabi.zip' AND file:name = 'startup.armeabi-v7a.zip' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:15:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9e59-14a8-4925-a9c1-cc8c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:19:46.000Z" ,
"modified" : "2018-08-23T11:19:46.000Z" ,
"description" : "Windows" ,
"pattern" : "[file:hashes.MD5 = '55fb01048b6287eadcbd9a0f86d21adf' AND file:name = 'msconf.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-23T11:19:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9e85-048c-4c1a-ace7-fc06950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:17:41.000Z" ,
"modified" : "2018-08-10T14:17:41.000Z" ,
"description" : "Windows" ,
"pattern" : "[file:hashes.MD5 = 'f673bb1d519138ced7659484c0b66c5b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:17:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9eae-1e14-48eb-95ae-e737950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:18:22.000Z" ,
"modified" : "2018-08-10T14:18:22.000Z" ,
"description" : "Windows" ,
"pattern" : "[file:hashes.MD5 = 'd3baa45ed342fbc5a56d974d36d5f73f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:18:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9ed4-4744-46d8-bf6b-cd92950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:19:00.000Z" ,
"modified" : "2018-08-10T14:19:00.000Z" ,
"description" : "Windows" ,
"pattern" : "[file:hashes.MD5 = '395f9f87df728134b5e3c1ca4d48e9fa' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:19:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9ef9-33e0-49f8-afc4-a1dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:19:37.000Z" ,
"modified" : "2018-08-10T14:19:37.000Z" ,
"description" : "Windows" ,
"pattern" : "[file:hashes.MD5 = '16311b16fd48c1c87c6476a455093e7a' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:19:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b6d9f15-302c-4528-b5b7-e737950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:20:05.000Z" ,
"modified" : "2018-08-10T14:20:05.000Z" ,
"description" : "Windows" ,
"pattern" : "[file:hashes.MD5 = '6bcc3559d7405f25ea403317353d905f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-10T14:20:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:33:47.000Z" ,
"modified" : "2018-08-23T11:33:47.000Z" ,
"first_observed" : "2018-08-23T11:33:47Z" ,
"last_observed" : "2018-08-23T11:33:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"directory--5b7e9b99-3d00-433e-b666-441e950d210f"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"name" : "update.exe" ,
"parent_directory_ref" : "directory--5b7e9b99-3d00-433e-b666-441e950d210f" ,
"x_misp_state" : "Malicious"
} ,
{
"type" : "directory" ,
"spec_version" : "2.1" ,
"id" : "directory--5b7e9b99-3d00-433e-b666-441e950d210f" ,
"path" : "%APPDATA%/myupd/txt/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6da202-2654-49e0-93dd-a1dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-10T14:34:20.000Z" ,
"modified" : "2018-08-10T14:34:20.000Z" ,
"first_observed" : "2018-08-10T14:34:20Z" ,
"last_observed" : "2018-08-10T14:34:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6da202-2654-49e0-93dd-a1dd950d210f"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6da202-2654-49e0-93dd-a1dd950d210f" ,
"name" : "network.exe" ,
"x_misp_state" : "Malicious"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:34:50.000Z" ,
"modified" : "2018-08-23T11:34:50.000Z" ,
"first_observed" : "2018-08-23T11:34:50Z" ,
"last_observed" : "2018-08-23T11:34:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f" ,
"directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f" ,
"name" : "wow.exe" ,
"parent_directory_ref" : "directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f" ,
"x_misp_state" : "Malicious"
} ,
{
"type" : "directory" ,
"spec_version" : "2.1" ,
"id" : "directory--5b7e9bd8-8ef0-40c5-b985-4835950d210f" ,
"path" : "%APPDATA%/myupd/scr/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b6da326-0c08-44a0-90be-fc18950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:25:51.000Z" ,
"modified" : "2018-08-23T11:25:51.000Z" ,
"first_observed" : "2018-08-23T11:25:51Z" ,
"last_observed" : "2018-08-23T11:25:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5b6da326-0c08-44a0-90be-fc18950d210f" ,
"directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f"
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"False\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5b6da326-0c08-44a0-90be-fc18950d210f" ,
"name" : "msconf.exe" ,
"parent_directory_ref" : "directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f" ,
"x_misp_state" : "Malicious"
} ,
{
"type" : "directory" ,
"spec_version" : "2.1" ,
"id" : "directory--5b7e99bd-a06c-44b8-85de-4dbd950d210f" ,
"path" : "%APPDATA%/myupd/gen/"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b7141f1-ca14-400c-879d-8bd7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-03T11:18:33.000Z" ,
"modified" : "2018-10-03T11:18:33.000Z" ,
"name" : "CVE-2013-2094" ,
"description" : "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2013-2094"
} ,
{
"source_name" : "url" ,
"url" : "https://cve.circl.lu/cve/CVE-2013-2094"
} ,
{
"source_name" : "url" ,
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"
}
] ,
"x_misp_cvss_score" : "7.2" ,
"x_misp_modified" : "2017-01-06T21:59:00" ,
"x_misp_published" : "2013-05-14T16:55:00" ,
"x_misp_state" : "Published" ,
"x_misp_vulnerable_configuration" : "Linux Kernel 3.8.8\r\nLinux Kernel 3.8.4\r\nLinux Kernel 3.8.1\r\nLinux Kernel 3.8.0\r\nLinux Kernel 3.8.2"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b7ea077-cfbc-4059-9ac0-4554950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-08-23T11:58:58.000Z" ,
"modified" : "2018-08-23T11:58:58.000Z" ,
"description" : "Main purpose of this module is to exfiltrate Skype call recordings. Written in .Net. " ,
"pattern" : "[file:hashes.MD5 = '6bcc3559d7405f25ea403317353d905f' AND file:name = 'skype_sync2.exe' AND file:parent_directory_ref.path = '\\\\%APPDATA\\\\%/myupd/skype/' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-08-23T11:58:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b8d2e5e-fd90-47bd-941d-4e98950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T12:51:42.000Z" ,
"modified" : "2018-09-03T12:51:42.000Z" ,
"name" : "CVE-2013-2595" ,
"description" : "The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2013-2595"
} ,
{
"source_name" : "url" ,
"url" : "https://www.codeaurora.org/projects/security-advisories/uncontrolled-memory-mapping-camera-driver-cve-2013-2595"
} ,
{
"source_name" : "url" ,
"url" : "http://cve.circl.lu/cve/CVE-2013-2595"
}
] ,
"x_misp_cvss_score" : "7.2" ,
"x_misp_cvss_string" : "7.2 (as of 02-09-2014 - 14:41)" ,
"x_misp_modified" : "2014-02-09T14:41:00" ,
"x_misp_published" : "2014-08-31T06:55:00" ,
"x_misp_state" : "Published"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b8d306d-ed34-4a9c-9350-49ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:00:29.000Z" ,
"modified" : "2018-09-03T13:00:29.000Z" ,
"name" : "CVE-2013-6282" ,
"description" : "Linux Kernel < 3.4.5 - Local Root Exploit (ARM - Android 4.2.2 / 4.4) Local exploit for arm platform" ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2013-6282"
} ,
{
"source_name" : "url" ,
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8404663f81d212918ff85f493649a7991209fa04"
} ,
{
"source_name" : "url" ,
"url" : "http://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282"
} ,
{
"source_name" : "url" ,
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.5"
} ,
{
"source_name" : "url" ,
"url" : "http://www.openwall.com/lists/oss-security/2013/11/14/11"
} ,
{
"source_name" : "url" ,
"url" : "http://www.securityfocus.com/bid/63734"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2067-1"
} ,
{
"source_name" : "url" ,
"url" : "https://github.com/torvalds/linux/commit/8404663f81d212918ff85f493649a7991209fa04"
} ,
{
"source_name" : "url" ,
"url" : "https://www.exploit-db.com/exploits/40975/"
} ,
{
"source_name" : "url" ,
"url" : "http://cve.circl.lu/cve/CVE-2013-6282"
}
] ,
"x_misp_cvss_score" : "7.2" ,
"x_misp_cvss_string" : "7.2 (as of 20-11-2013 - 10:35)" ,
"x_misp_modified" : "2017-02-09T21:29:00" ,
"x_misp_published" : "2013-11-20T08:19:00" ,
"x_misp_state" : "Published" ,
"x_misp_summary" : "The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013."
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b8d34d9-a7ac-407e-8faf-4357950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:23:41.000Z" ,
"modified" : "2018-09-03T13:23:41.000Z" ,
"name" : "CVE-2014-3153" ,
"description" : "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2014-3153"
} ,
{
"source_name" : "url" ,
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e9c243a5a6de0be8e584c604d353412584b592f8"
} ,
{
"source_name" : "url" ,
"url" : "http://linux.oracle.com/errata/ELSA-2014-0771.html"
} ,
{
"source_name" : "url" ,
"url" : "http://linux.oracle.com/errata/ELSA-2014-3037.html"
} ,
{
"source_name" : "url" ,
"url" : "http://linux.oracle.com/errata/ELSA-2014-3038.html"
} ,
{
"source_name" : "url" ,
"url" : "http://linux.oracle.com/errata/ELSA-2014-3039.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00014.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00018.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00025.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00006.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html"
} ,
{
"source_name" : "url" ,
"url" : "http://openwall.com/lists/oss-security/2014/06/05/24"
} ,
{
"source_name" : "url" ,
"url" : "http://openwall.com/lists/oss-security/2014/06/06/20"
} ,
{
"source_name" : "url" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0800.html"
} ,
{
"source_name" : "url" ,
"url" : "http://www.debian.org/security/2014/dsa-2949"
} ,
{
"source_name" : "url" ,
"url" : "http://www.exploit-db.com/exploits/35370"
} ,
{
"source_name" : "url" ,
"url" : "http://www.openwall.com/lists/oss-security/2014/06/05/22"
} ,
{
"source_name" : "url" ,
"url" : "http://www.securityfocus.com/bid/67906"
} ,
{
"source_name" : "url" ,
"url" : "http://www.securitytracker.com/id/1030451"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2237-1"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2240-1"
} ,
{
"source_name" : "url" ,
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1103626"
} ,
{
"source_name" : "url" ,
"url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13fbca4c6ecd96ec1a1cfa2e4f2ce191fe928a5e"
} ,
{
"source_name" : "url" ,
"url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a217887a7b658e2650c3feff22756ab80c7339"
} ,
{
"source_name" : "url" ,
"url" : "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b3eaa9fc5cd0a4d74b18f6b8dc617aeaf1873270"
} ,
{
"source_name" : "url" ,
"url" : "https://github.com/torvalds/linux/commit/e9c243a5a6de0be8e584c604d353412584b592f8"
} ,
{
"source_name" : "url" ,
"url" : "http://cve.circl.lu/cve/CVE-2014-3153"
}
] ,
"x_misp_cvss_score" : "7.2" ,
"x_misp_modified" : "2017-12-28T21:29:00" ,
"x_misp_published" : "2014-07-06T10:55:00" ,
"x_misp_state" : "Published" ,
"x_misp_vulnerable_configuration" : [
"Linux Kernel 3.14" ,
"Linux Kernel 3.14 release candidate 1 cpe:2.3:o:linux:linux_kernel:3.14:rc1" ,
"Linux Kernel 3.14 release candidate 2 cpe:2.3:o:linux:linux_kernel:3.14:rc2" ,
"Linux Kernel 3.14 release candidate 3 cpe:2.3:o:linux:linux_kernel:3.14:rc3" ,
"Linux Kernel 3.14 release candidate 4 cpe:2.3:o:linux:linux_kernel:3.14:rc4" ,
"Linux Kernel 3.14 release candidate 5 cpe:2.3:o:linux:linux_kernel:3.14:rc5" ,
"Linux Kernel 3.14 release candidate 6 cpe:2.3:o:linux:linux_kernel:3.14:rc6" ,
"Linux Kernel 3.14 release candidate 7 cpe:2.3:o:linux:linux_kernel:3.14:rc7" ,
"Linux Kernel 3.14 release candidate 8 cpe:2.3:o:linux:linux_kernel:3.14:rc8" ,
"Linux Kernel 3.14.1 cpe:2.3:o:linux:linux_kernel:3.14.1" ,
"Linux Kernel 3.14.2 cpe:2.3:o:linux:linux_kernel:3.14.2" ,
"Linux Kernel 3.14.3 cpe:2.3:o:linux:linux_kernel:3.14.3" ,
"Linux Kernel 3.14.4 cpe:2.3:o:linux:linux_kernel:3.14.4" ,
"Linux Kernel 3.14.5 cpe:2.3:o:linux:linux_kernel:3.14.5" ,
"RedHat Enterprise MRG 2.0 cpe:2.3:a:redhat:enterprise_mrg:2.0" ,
"Red Hat Enterprise Linux 6 cpe:2.3:o:redhat:enterprise_linux:6"
]
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b8d38fc-abb0-4860-8182-73ee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-03T13:37:00.000Z" ,
"modified" : "2018-09-03T13:37:00.000Z" ,
"name" : "CVE-2015-3636" ,
"description" : "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2015-3636"
} ,
{
"source_name" : "url" ,
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
} ,
{
"source_name" : "url" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
} ,
{
"source_name" : "url" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
} ,
{
"source_name" : "url" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
} ,
{
"source_name" : "url" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
} ,
{
"source_name" : "url" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
} ,
{
"source_name" : "url" ,
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
} ,
{
"source_name" : "url" ,
"url" : "http://www.debian.org/security/2015/dsa-3290"
} ,
{
"source_name" : "url" ,
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
} ,
{
"source_name" : "url" ,
"url" : "http://www.openwall.com/lists/oss-security/2015/05/02/5"
} ,
{
"source_name" : "url" ,
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
} ,
{
"source_name" : "url" ,
"url" : "http://www.securityfocus.com/bid/74450"
} ,
{
"source_name" : "url" ,
"url" : "http://www.securitytracker.com/id/1033186"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2631-1"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2632-1"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2633-1"
} ,
{
"source_name" : "url" ,
"url" : "http://www.ubuntu.com/usn/USN-2634-1"
} ,
{
"source_name" : "url" ,
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
} ,
{
"source_name" : "url" ,
"url" : "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
} ,
{
"source_name" : "url" ,
"url" : "http://cve.circl.lu/cve/CVE-2015-3636"
}
] ,
"x_misp_cvss_score" : "4.9" ,
"x_misp_cvss_string" : "4.9 (as of 21-06-2016 - 15:09)" ,
"x_misp_modified" : "2018-04-01T21:30:00" ,
"x_misp_published" : "2015-05-08T21:59:00" ,
"x_misp_state" : "Published" ,
"x_misp_vulnerable_configuration" : [
"Linux Kernel 4.0.2 cpe:2.3:o:linux:linux_kernel:4.0.2" ,
"Debian Linux 7.0 cpe:2.3:o:debian:debian_linux:7.0" ,
"Red Hat Enterprise Linux 6 cpe:2.3:o:redhat:enterprise_linux:6" ,
"Canonical Ubuntu Linux 12.04 LTS cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ef468365-addd-40d5-a24d-543722f12e93" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:47.000Z" ,
"modified" : "2018-09-04T07:15:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '16311b16fd48c1c87c6476a455093e7a' AND file:hashes.SHA1 = 'b467ff02b2a3ed5c902a8e76316527ae79dd80fe' AND file:hashes.SHA256 = '5f567844bd0da47426d14426d8acbfefad6426c1139648969e3b0dd5352d3ed5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:15:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--68dc24db-7625-4d35-b6d3-c6fb1283bf18" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:46.000Z" ,
"modified" : "2018-09-04T07:15:46.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-10T04:22:44" ,
"category" : "Other" ,
"uuid" : "2866c689-6723-4b41-90d7-9ca6b8550254"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5f567844bd0da47426d14426d8acbfefad6426c1139648969e3b0dd5352d3ed5/analysis/1533874964/" ,
"category" : "External analysis" ,
"uuid" : "5fed8734-d371-4581-88cd-f6fd4e8d47a4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/67" ,
"category" : "Other" ,
"uuid" : "e92dcd5e-0717-4da4-97fc-f503e9efb0a6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6ccf462a-1c20-452a-be71-cfe9936ed3ba" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:50.000Z" ,
"modified" : "2018-09-04T07:15:50.000Z" ,
"pattern" : "[file:hashes.MD5 = '6964866106c0a353a7b91b580933c5d6' AND file:hashes.SHA1 = 'dbfcd7c45371a6bcbfe1e570b9fa4f0480c24796' AND file:hashes.SHA256 = '943e1c57294a3163fb77235122143c05919baad0b93cc74c52210b90c9d0d0c9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:15:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d2f2004d-2309-4a22-99cd-031a09bde2f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:48.000Z" ,
"modified" : "2018-09-04T07:15:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-18T23:58:40" ,
"category" : "Other" ,
"uuid" : "f5e87f4e-d258-4a0e-ad5c-45867585d02b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/943e1c57294a3163fb77235122143c05919baad0b93cc74c52210b90c9d0d0c9/analysis/1531958320/" ,
"category" : "External analysis" ,
"uuid" : "a82685eb-fbba-4863-b744-6b35093d87d4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/61" ,
"category" : "Other" ,
"uuid" : "457681d3-47a8-4c88-b363-e89ce44576bd"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7d3abf61-6c8e-47c1-93eb-d9f5103a9d5e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:53.000Z" ,
"modified" : "2018-09-04T07:15:53.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f673bb1d519138ced7659484c0b66c5b' AND file:hashes.SHA1 = 'deec3985f31f5372ce314e581154450bb51037a3' AND file:hashes.SHA256 = '012966cc1b714531790dd3f5f6cc040b2232fea98b0dbe56a24b13ae72160be5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:15:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b822f813-8192-409c-8ccc-27c368ce781a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:52.000Z" ,
"modified" : "2018-09-04T07:15:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-10T04:25:00" ,
"category" : "Other" ,
"uuid" : "faf32260-f5de-46e2-a4e6-3f38108b822f"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/012966cc1b714531790dd3f5f6cc040b2232fea98b0dbe56a24b13ae72160be5/analysis/1533875100/" ,
"category" : "External analysis" ,
"uuid" : "af58aa64-2487-4d3c-9c28-b4e889a1bd73"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/68" ,
"category" : "Other" ,
"uuid" : "68eaf88d-92e3-4bd5-8784-d8ed85864f53"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cacbd9c4-03d0-435d-ad3c-a31a568e8d8e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:56.000Z" ,
"modified" : "2018-09-04T07:15:56.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd574d0049f797611589803643a8aa3c3' AND file:hashes.SHA1 = '6cd604721a280103938173420ff6164896ac51c9' AND file:hashes.SHA256 = 'f241af9ba7501e28974729c229b445ee709a7ef438448b6e9f88ff7ff7228cb2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:15:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--60d09241-1457-4f27-8c62-a010c19eeb21" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:55.000Z" ,
"modified" : "2018-09-04T07:15:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-19T10:25:00" ,
"category" : "Other" ,
"uuid" : "c532b896-fa38-417d-b84d-34e261beca8c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f241af9ba7501e28974729c229b445ee709a7ef438448b6e9f88ff7ff7228cb2/analysis/1516357500/" ,
"category" : "External analysis" ,
"uuid" : "c387dc9e-3e90-48cd-9864-0b0816f6208c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/60" ,
"category" : "Other" ,
"uuid" : "0217ee93-1f1c-46c9-b098-75007bc65581"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--93f7c2d4-3eda-4a19-aba6-b3bdb34be6c6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:59.000Z" ,
"modified" : "2018-09-04T07:15:59.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a287a434a0d40833d3ebf5808950b858' AND file:hashes.SHA1 = '0068a8e61fe75213738ecf9ad4927cb7a533886b' AND file:hashes.SHA256 = 'bf20c17881ff3c4b0bf121cc56c6e79d2ce8ecb4c08cc719e5835e6c74f339a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:15:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fa8c321e-5cde-45bb-a01c-7e2a2a09b969" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:15:57.000Z" ,
"modified" : "2018-09-04T07:15:57.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-25T04:39:04" ,
"category" : "Other" ,
"uuid" : "6fcb1e6c-ec15-4884-88db-247a51dfc5b0"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/bf20c17881ff3c4b0bf121cc56c6e79d2ce8ecb4c08cc719e5835e6c74f339a0/analysis/1516855144/" ,
"category" : "External analysis" ,
"uuid" : "e0465689-cbe2-4691-bab3-95b3b960ec31"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Other" ,
"uuid" : "76f4af1a-a82f-42e4-ac27-526c258e1f50"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6bf27c78-9d3b-4926-9c37-ec97cf90fee5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:01.000Z" ,
"modified" : "2018-09-04T07:16:01.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a2a8e8ac6f5fa5801395252e11afb356' AND file:hashes.SHA1 = '640b42bc0b054458631877c8de46028528e4ac3e' AND file:hashes.SHA256 = '91fa0d2414e029c042eb78d4f53010c3af161edb815e97a021c24f8a03033a07']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--22999236-217f-4117-ae67-135d962de74e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:00.000Z" ,
"modified" : "2018-09-04T07:16:00.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-04T09:04:20" ,
"category" : "Other" ,
"uuid" : "051f2ef5-b025-4238-9141-06d9400fe8d2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/91fa0d2414e029c042eb78d4f53010c3af161edb815e97a021c24f8a03033a07/analysis/1530695060/" ,
"category" : "External analysis" ,
"uuid" : "731ed6fb-d0ab-4ebe-abf1-1795a4be554a"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/58" ,
"category" : "Other" ,
"uuid" : "be591f16-c971-48ba-bb88-67faee3866c8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a4995eaf-38d1-4aed-a189-061d8ad9eb5b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:04.000Z" ,
"modified" : "2018-09-04T07:16:04.000Z" ,
"pattern" : "[file:hashes.MD5 = '3f0e8a3ad9fab04377b8e9a57a26f972' AND file:hashes.SHA1 = '018085fac80c537ec80c292e2b10f48259d4764a' AND file:hashes.SHA256 = '2d087d89364b22d180a7e8e923a6dca5fd6d131dad12db9dd2a2ae5c4b9d9675']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--28a0ab9f-4372-42ba-bea6-9a437f2c55e6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:02.000Z" ,
"modified" : "2018-09-04T07:16:02.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-27T15:55:19" ,
"category" : "Other" ,
"uuid" : "1345557f-678e-446a-ad9e-ead4683b8e06"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2d087d89364b22d180a7e8e923a6dca5fd6d131dad12db9dd2a2ae5c4b9d9675/analysis/1532706919/" ,
"category" : "External analysis" ,
"uuid" : "5ce5ac4b-a328-43de-9a26-772f3d643fe7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/62" ,
"category" : "Other" ,
"uuid" : "181a8e99-3d23-4157-ac33-803c5fd7b2c6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--19019d95-d653-45c4-a76a-e1d0514ea188" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:06.000Z" ,
"modified" : "2018-09-04T07:16:06.000Z" ,
"pattern" : "[file:hashes.MD5 = '70a937b2504b3ad6c623581424c7e53d' AND file:hashes.SHA1 = '23912d8a28324ae6c5fe5acd518045a2cf4d339f' AND file:hashes.SHA256 = '9722d16ec5d19edca0c6f53ba7d5ca2df650fd6892ed5c2a7b279b2299487b0a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a6f536ba-7227-4404-a445-3859005c2d85" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:05.000Z" ,
"modified" : "2018-09-04T07:16:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-02T19:56:42" ,
"category" : "Other" ,
"uuid" : "b857d04b-c991-4d6e-8b5c-66e76a7ee423"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9722d16ec5d19edca0c6f53ba7d5ca2df650fd6892ed5c2a7b279b2299487b0a/analysis/1530561402/" ,
"category" : "External analysis" ,
"uuid" : "06527aee-c15a-45f2-8952-2a9ed26ae858"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/56" ,
"category" : "Other" ,
"uuid" : "bf5444cf-5f02-4ea6-af87-9a085f8fdde0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--dddd50b2-9d97-476a-864e-021d7986d6fb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:09.000Z" ,
"modified" : "2018-09-04T07:16:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '6bcc3559d7405f25ea403317353d905f' AND file:hashes.SHA1 = '5e7a6a62db26fe16be4e0851d5801397d591bed6' AND file:hashes.SHA256 = 'c74108a74a9afd47eee894921784fd1ea26a80627afd2fe2103b388abafdc2cc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--497f5b93-ac74-4869-b34e-e18258a06405" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:07.000Z" ,
"modified" : "2018-09-04T07:16:07.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-10T13:16:08" ,
"category" : "Other" ,
"uuid" : "0f6adb2c-3165-41f9-a980-917261bfebe1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c74108a74a9afd47eee894921784fd1ea26a80627afd2fe2103b388abafdc2cc/analysis/1533906968/" ,
"category" : "External analysis" ,
"uuid" : "75510a63-1046-43b6-8e41-66d6d4de0375"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "46/68" ,
"category" : "Other" ,
"uuid" : "4456fe6b-aff2-4621-9265-61ed1523a5ff"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f43d2055-c298-4014-b16c-cb31bb84171b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:11.000Z" ,
"modified" : "2018-09-04T07:16:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '39fca709b416d8da592de3a3f714dce8' AND file:hashes.SHA1 = '90320997c7dac34d4261eb38eb548910efc2b983' AND file:hashes.SHA256 = 'e6aba7629608a525b020f4e76e4694d6d478dd9561d934813004b6903d66e44c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f9620a5e-f529-47ca-b57b-52959ee91051" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:10.000Z" ,
"modified" : "2018-09-04T07:16:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-18T09:47:32" ,
"category" : "Other" ,
"uuid" : "26e7365b-c650-4b23-9ac4-d76ed6016811"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e6aba7629608a525b020f4e76e4694d6d478dd9561d934813004b6903d66e44c/analysis/1534585652/" ,
"category" : "External analysis" ,
"uuid" : "e63f2789-3b7b-421f-bff5-dbc2cc417ab5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/62" ,
"category" : "Other" ,
"uuid" : "104d1f87-4293-4bf5-85f7-9dcb05ddcbd4"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--aa457e4c-9f49-4f78-84ec-5d60a7c157a2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:14.000Z" ,
"modified" : "2018-09-04T07:16:14.000Z" ,
"pattern" : "[file:hashes.MD5 = '708445b8d358c254e861effffd4f819b' AND file:hashes.SHA1 = 'd190b480942ac732f282c61a540e9138a3e764b5' AND file:hashes.SHA256 = 'af848999a4b8df0e33f5a05a618c83d1f3052d4026ab77b2acf66def71df754e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8af76320-edcc-4b95-bdbd-bf638bd1e369" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:12.000Z" ,
"modified" : "2018-09-04T07:16:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-25T12:52:29" ,
"category" : "Other" ,
"uuid" : "76c45898-d592-4b3b-98f7-f21727ec10d7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/af848999a4b8df0e33f5a05a618c83d1f3052d4026ab77b2acf66def71df754e/analysis/1535201549/" ,
"category" : "External analysis" ,
"uuid" : "8da17835-8e60-4ffa-92b6-7da88f623d95"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/60" ,
"category" : "Other" ,
"uuid" : "d782b423-3f90-48ee-8600-3b6502d59692"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--790fef27-93cc-4a9f-803a-b320db0dee95" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:16.000Z" ,
"modified" : "2018-09-04T07:16:16.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd9c7349e807e0f12eaa67b2de522954f' AND file:hashes.SHA1 = '5f37de1ced07e35444ce4ea015084b92bc1baabf' AND file:hashes.SHA256 = '255be8e830c9b43928b11a8e1b531a94826d30919e7f739a5ed07141d6a70bb7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f234144d-1765-4cf4-b8ad-6d6f1a2b6472" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:15.000Z" ,
"modified" : "2018-09-04T07:16:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-19T00:11:55" ,
"category" : "Other" ,
"uuid" : "88e2183e-9edb-463f-ae3c-a86be7e7ae59"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/255be8e830c9b43928b11a8e1b531a94826d30919e7f739a5ed07141d6a70bb7/analysis/1531959115/" ,
"category" : "External analysis" ,
"uuid" : "f0445432-dab0-46e8-a8f5-455d9a6645d3"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/61" ,
"category" : "Other" ,
"uuid" : "a030e69a-a20f-475f-b2c1-066595ff0684"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6ff856c9-fa6e-454c-ba8c-0fc21d5cc864" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:19.000Z" ,
"modified" : "2018-09-04T07:16:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '395f9f87df728134b5e3c1ca4d48e9fa' AND file:hashes.SHA1 = 'ab0debc27d171ac15a235910847faee6ae1f053d' AND file:hashes.SHA256 = '48477ffcc2cf57e34fbc45599efa830620dc18139dbbb8dfe59d56fd87728b25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--41755892-e078-4a46-87e8-1f5e2677e25c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:17.000Z" ,
"modified" : "2018-09-04T07:16:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-10T04:37:28" ,
"category" : "Other" ,
"uuid" : "40fcc649-7ce9-4874-a2a6-98fb47cab457"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/48477ffcc2cf57e34fbc45599efa830620dc18139dbbb8dfe59d56fd87728b25/analysis/1533875848/" ,
"category" : "External analysis" ,
"uuid" : "1ab545b6-d270-4a3c-bc5d-95dcd354c48f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/68" ,
"category" : "Other" ,
"uuid" : "f4ed9f04-016d-486c-8992-a3d99bce65b5"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--09391239-3536-4168-8f87-72ae9d533bef" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:21.000Z" ,
"modified" : "2018-09-04T07:16:21.000Z" ,
"pattern" : "[file:hashes.MD5 = '0bc28ac5f2cadd524e7f443e06ad2a2b' AND file:hashes.SHA1 = '13c2cf52c2d97c50b5d10300911e15b52a9f5bc4' AND file:hashes.SHA256 = 'accd05c00951ef568594efebd5c30bdce2e63cee9b2cdd88cb705776e0a4ca70']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d85d218a-03c1-40d8-9b3f-b88bb3f6e132" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:20.000Z" ,
"modified" : "2018-09-04T07:16:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-24T10:54:09" ,
"category" : "Other" ,
"uuid" : "96807bd6-ba7b-436f-a02b-a2173383a39a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/accd05c00951ef568594efebd5c30bdce2e63cee9b2cdd88cb705776e0a4ca70/analysis/1516791249/" ,
"category" : "External analysis" ,
"uuid" : "b2059571-77ea-48f7-8cb2-6f05e670e267"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "27/60" ,
"category" : "Other" ,
"uuid" : "63871844-c633-4cb4-a641-c2ecd075c6e6"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bd4d9903-64a2-48b5-9aca-8daaf2bcc0ee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:24.000Z" ,
"modified" : "2018-09-04T07:16:24.000Z" ,
"pattern" : "[file:hashes.MD5 = '7e6cb66a3623258444639d1fc2fd533f' AND file:hashes.SHA1 = '79741484c3c59e6b15b14be4853128edb7fd2f4a' AND file:hashes.SHA256 = 'e9722d22967068c74f4c149c29bc4988d6178dda7b15fd72f488bbefed4faf28']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--57bf09f8-10dd-40e1-b635-be7748f76773" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:22.000Z" ,
"modified" : "2018-09-04T07:16:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-17T07:52:11" ,
"category" : "Other" ,
"uuid" : "b3ea6da3-525d-4014-83f7-b0b4e482b79e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e9722d22967068c74f4c149c29bc4988d6178dda7b15fd72f488bbefed4faf28/analysis/1516175531/" ,
"category" : "External analysis" ,
"uuid" : "439ccd4e-59c1-49ff-8d89-5c34f9bb064b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "15/60" ,
"category" : "Other" ,
"uuid" : "c30149ef-276a-48cc-8e0b-c497bd7a2f62"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1e7e2181-e880-4274-9ddf-f8daa44549c7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:26.000Z" ,
"modified" : "2018-09-04T07:16:26.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd3baa45ed342fbc5a56d974d36d5f73f' AND file:hashes.SHA1 = '54f88d82f3468bde37abeb6c209348401de02999' AND file:hashes.SHA256 = '74b1d9c27313dd8a266bf3011896cc9673653a84c2475bed483fa72a1dfb9361']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--084b441e-ce8b-4086-ad6c-0ef1e2b2c78b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:25.000Z" ,
"modified" : "2018-09-04T07:16:25.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-10T04:42:30" ,
"category" : "Other" ,
"uuid" : "f16ae11a-12b4-4626-b5ac-96166c0d8f99"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/74b1d9c27313dd8a266bf3011896cc9673653a84c2475bed483fa72a1dfb9361/analysis/1533876150/" ,
"category" : "External analysis" ,
"uuid" : "b30e9b63-6c0d-4eb2-a712-2c27f8886e82"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/68" ,
"category" : "Other" ,
"uuid" : "1856e87d-a719-48f9-9c0b-d57b633eb969"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--43892c3f-9a1b-466c-9bee-8e397cfe7d99" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"pattern" : "[file:hashes.MD5 = '55fb01048b6287eadcbd9a0f86d21adf' AND file:hashes.SHA1 = 'd7e22fdecd2cc533852b5a662039dfcb99a13487' AND file:hashes.SHA256 = '7a35a20bb3fc5d879b99a71d9c5c5475752b900a3082aa5c4f2d6d23aa78dee2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-04T07:16:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d57f6827-03ab-40da-9465-a87640bda410" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-04T07:16:27.000Z" ,
"modified" : "2018-09-04T07:16:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-29T00:19:01" ,
"category" : "Other" ,
"uuid" : "3183fed9-2981-4063-9f5e-78d811d9b601"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7a35a20bb3fc5d879b99a71d9c5c5475752b900a3082aa5c4f2d6d23aa78dee2/analysis/1535501941/" ,
"category" : "External analysis" ,
"uuid" : "23b507c2-0f42-4e17-b3dc-90ceaeb84866"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/67" ,
"category" : "Other" ,
"uuid" : "f2cf6afa-89ee-4cac-9353-eb7c910b3948"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--a97497b8-7a83-4a47-a5e8-e4eff10d1e7a" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-10T13:20:40.000Z" ,
"modified" : "2018-08-10T13:20:40.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "observed-data--5b6d908d-7b7c-48a2-9f5d-cc41950d210f" ,
"target_ref" : "indicator--5b6d90f1-3bf4-4746-a265-4d62950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--5bd58753-f32d-4252-a2af-c3ec89c13add" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-10T14:30:01.000Z" ,
"modified" : "2018-08-10T14:30:01.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"target_ref" : "indicator--5b6d9fab-3cf0-4839-8421-cc8c950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--7e6f345c-fe5a-4592-a548-65062c1877b9" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-10T14:31:16.000Z" ,
"modified" : "2018-08-10T14:31:16.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "observed-data--5b6da0bc-5908-45f0-a3cb-7d2f950d210f" ,
"target_ref" : "indicator--5b6da192-aa4c-4141-9993-b712950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--80f29524-944c-4a23-95ba-cd5717d8b25d" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-10T14:34:17.000Z" ,
"modified" : "2018-08-10T14:34:17.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "observed-data--5b6da202-2654-49e0-93dd-a1dd950d210f" ,
"target_ref" : "indicator--5b6da23b-5980-40d9-b40e-fc18950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--acc4351d-b80e-4d1a-871a-f8bf46b5d43f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-10T14:36:20.000Z" ,
"modified" : "2018-08-10T14:36:20.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "observed-data--5b6da2a2-b7e0-4bec-ac25-7d2f950d210f" ,
"target_ref" : "indicator--5b6da2c9-e668-4985-a4c1-a1dd950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--f2a95e94-0190-49d3-93c1-a0e6f5227a77" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-10T14:38:58.000Z" ,
"modified" : "2018-08-10T14:38:58.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "observed-data--5b6da326-0c08-44a0-90be-fc18950d210f" ,
"target_ref" : "indicator--5b6da343-5348-45c3-88f4-4756950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--22521344-bb3a-45b0-b53d-0ddb465300bf" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-08-23T11:58:55.000Z" ,
"modified" : "2018-08-23T11:58:55.000Z" ,
"relationship_type" : "related-to" ,
"source_ref" : "indicator--5b7ea077-cfbc-4059-9ac0-4554950d210f" ,
"target_ref" : "indicator--5b7ea118-b9ec-4598-b96a-49b7950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--12b7af8b-34ec-4d11-aa66-a45a835380f5" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:28.000Z" ,
"modified" : "2018-09-04T07:16:28.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ef468365-addd-40d5-a24d-543722f12e93" ,
"target_ref" : "x-misp-object--68dc24db-7625-4d35-b6d3-c6fb1283bf18"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--a81b4b36-ee65-4f97-9144-e495c9101a5a" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6ccf462a-1c20-452a-be71-cfe9936ed3ba" ,
"target_ref" : "x-misp-object--d2f2004d-2309-4a22-99cd-031a09bde2f1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--c2190276-b5c2-4a60-8584-75363511be51" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--7d3abf61-6c8e-47c1-93eb-d9f5103a9d5e" ,
"target_ref" : "x-misp-object--b822f813-8192-409c-8ccc-27c368ce781a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--40a87a6b-db91-4520-8e8f-c133ffacaf6e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cacbd9c4-03d0-435d-ad3c-a31a568e8d8e" ,
"target_ref" : "x-misp-object--60d09241-1457-4f27-8c62-a010c19eeb21"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--8dd7f160-5ae3-4698-bb0b-ca659a6a03a3" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--93f7c2d4-3eda-4a19-aba6-b3bdb34be6c6" ,
"target_ref" : "x-misp-object--fa8c321e-5cde-45bb-a01c-7e2a2a09b969"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9aa80da9-b1f0-4130-aff4-76f8b25b5ae0" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6bf27c78-9d3b-4926-9c37-ec97cf90fee5" ,
"target_ref" : "x-misp-object--22999236-217f-4117-ae67-135d962de74e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--382cd718-fe8f-4e31-a5fc-f8bf4600b123" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a4995eaf-38d1-4aed-a189-061d8ad9eb5b" ,
"target_ref" : "x-misp-object--28a0ab9f-4372-42ba-bea6-9a437f2c55e6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--3be94ff5-92d1-493a-9b3b-327875409c17" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--19019d95-d653-45c4-a76a-e1d0514ea188" ,
"target_ref" : "x-misp-object--a6f536ba-7227-4404-a445-3859005c2d85"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--19b86e35-4e49-4b44-be00-6cf45c7d9768" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--dddd50b2-9d97-476a-864e-021d7986d6fb" ,
"target_ref" : "x-misp-object--497f5b93-ac74-4869-b34e-e18258a06405"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--af26ba1f-943c-4726-a8fb-6b7d8af73c43" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f43d2055-c298-4014-b16c-cb31bb84171b" ,
"target_ref" : "x-misp-object--f9620a5e-f529-47ca-b57b-52959ee91051"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--5ebf4fa1-ca09-4070-b91d-66162de0469d" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--aa457e4c-9f49-4f78-84ec-5d60a7c157a2" ,
"target_ref" : "x-misp-object--8af76320-edcc-4b95-bdbd-bf638bd1e369"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--822bb641-ac05-476a-9d71-1899a61bd4cd" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--790fef27-93cc-4a9f-803a-b320db0dee95" ,
"target_ref" : "x-misp-object--f234144d-1765-4cf4-b8ad-6d6f1a2b6472"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--6911bfbc-e02e-4849-9274-25699dfcd560" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6ff856c9-fa6e-454c-ba8c-0fc21d5cc864" ,
"target_ref" : "x-misp-object--41755892-e078-4a46-87e8-1f5e2677e25c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--430ebdb0-51d7-49cf-a098-309ab774063b" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--09391239-3536-4168-8f87-72ae9d533bef" ,
"target_ref" : "x-misp-object--d85d218a-03c1-40d8-9b3f-b88bb3f6e132"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--7d8f6d90-b6ba-436f-8c18-f37991ac9a56" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--bd4d9903-64a2-48b5-9aca-8daaf2bcc0ee" ,
"target_ref" : "x-misp-object--57bf09f8-10dd-40e1-b635-be7748f76773"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--cfb48e7b-f238-46cc-9482-6e38b1d9d0a5" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1e7e2181-e880-4274-9ddf-f8daa44549c7" ,
"target_ref" : "x-misp-object--084b441e-ce8b-4086-ad6c-0ef1e2b2c78b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--3495e346-8dcf-4156-9608-4c18d962ae9f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-04T07:16:29.000Z" ,
"modified" : "2018-09-04T07:16:29.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--43892c3f-9a1b-466c-9bee-8e397cfe7d99" ,
"target_ref" : "x-misp-object--d57f6827-03ab-40da-9465-a87640bda410"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}
