2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5b991442-a9f0-4b5b-bc56-445f950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:48:18.000Z" ,
"modified" : "2018-09-13T13:48:18.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b991442-a9f0-4b5b-bc56-445f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:48:18.000Z" ,
"modified" : "2018-09-13T13:48:18.000Z" ,
"name" : "OSINT - Multi-exploit IoT/Linux Botnets Mirai and Gafgyt Target Apache Struts, SonicWall" ,
"published" : "2018-09-13T13:48:39Z" ,
"object_refs" : [
"observed-data--5b991454-051c-4bd8-a0bd-4e4a950d210f" ,
"url--5b991454-051c-4bd8-a0bd-4e4a950d210f" ,
"x-misp-attribute--5b991479-1434-4a91-9224-493c950d210f" ,
"indicator--5b9a17a9-46f4-4829-a645-41bb950d210f" ,
"indicator--5b9a17aa-17d8-479d-a049-4e2d950d210f" ,
"indicator--5b9a17aa-4d98-4ac5-8764-42f4950d210f" ,
"indicator--5b9a0d50-ad90-4793-b2d8-41d2950d210f" ,
"indicator--5b9a11b0-9f94-4354-a268-43aa950d210f" ,
"indicator--5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f" ,
"indicator--5b9a11e6-9cdc-41f5-98f9-4912950d210f" ,
"indicator--5b9a11f0-9c10-492e-9b51-4257950d210f" ,
"indicator--5b9a1248-1f28-48ac-be89-45c3950d210f" ,
"indicator--5b9a125e-9f20-423b-b45f-4054950d210f" ,
"indicator--5b9a1279-20f4-4f5e-b2dc-48ca950d210f" ,
"indicator--5b9a1288-1af0-4da4-8f3a-447b950d210f" ,
"indicator--5b9a1312-b374-493c-986d-49bd950d210f" ,
"indicator--5b9a131f-bec4-4d20-baea-4929950d210f" ,
"indicator--5b9a1333-b508-45d9-9896-4e23950d210f" ,
"indicator--5b9a1346-5384-4908-a5a8-4df7950d210f" ,
"indicator--5b9a14da-00bc-4f8c-92b4-4c86950d210f" ,
"indicator--5b9a14e9-221c-4e02-b682-4575950d210f" ,
"indicator--5b9a1501-cc14-4764-bf87-46cc950d210f" ,
"indicator--5b9a1512-a77c-4500-a8c9-4481950d210f" ,
"indicator--5b9a1527-6be8-4405-8242-44f9950d210f" ,
"indicator--5b9a1534-31f8-4c5b-9d0b-4dc8950d210f" ,
"indicator--5b9a1541-1924-4272-80b3-4240950d210f" ,
"vulnerability--5b9a386e-b6e4-47be-8342-4230950d210f" ,
"vulnerability--5b9a3982-b92c-4520-9b89-4a5c950d210f" ,
"vulnerability--5b9a3a3a-ed68-4f01-9808-438e950d210f" ,
"vulnerability--5b9a3b33-9c4c-4549-b0e2-4c6e950d210f" ,
"indicator--c9655c57-1760-44de-8ccc-7029b572eae9" ,
"x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10" ,
"indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce" ,
"x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a" ,
"indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa" ,
"x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0" ,
"indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd" ,
"x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72" ,
"indicator--3bd19fac-4ad2-4d33-b023-7359e714c116" ,
"x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a" ,
"indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0" ,
"x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085" ,
"indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250" ,
"x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4" ,
"indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5" ,
"x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d" ,
"indicator--b93e361e-6457-475a-8466-3229a898dd5d" ,
"x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146" ,
"indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252" ,
"x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89" ,
"indicator--1409de38-3c59-48e4-bc96-95e5d351ba78" ,
"x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418" ,
"indicator--a85d42ef-debd-451d-815b-ff5467bd75b2" ,
"x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510" ,
"indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d" ,
"x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779" ,
"indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d" ,
"x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f" ,
"indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8" ,
"x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080" ,
"indicator--25927348-f7e5-4c73-bb65-1a697c164887" ,
"x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007" ,
"indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4" ,
"x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0" ,
"indicator--41a04017-73fb-4631-887a-0671543e7f41" ,
"x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7" ,
"indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d" ,
"x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3" ,
"indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9" ,
"x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf" ,
2024-08-07 08:13:15 +00:00
"relationship--56dd705a-6f8d-438d-8ef4-7a680af25283" ,
"relationship--4a1a7c2f-c614-446a-b601-095219736b05" ,
"relationship--f3f1d35f-255e-4aa0-826e-9f1ae5c1f915" ,
"relationship--6a4c04a1-0caa-40c9-a19a-5281399eedc4" ,
"relationship--db2d708e-96e4-4673-81d5-1d26d03afdf4" ,
"relationship--4dfe1954-ed3d-42d8-9551-1e90bee03e85" ,
"relationship--31237cbe-e089-45b9-b979-a07058b7ffa8" ,
"relationship--67cbe7ee-3ca6-4d9a-9fcb-12bdac29123f" ,
"relationship--19397c59-aaa1-4eab-8099-3b76297591e8" ,
"relationship--9c54ab44-a150-4ea1-a3c8-dbdcbb298e5a" ,
"relationship--9b3c6e1a-33c6-44a5-b466-5419f7e5fc74" ,
"relationship--adb01705-92c9-4b65-822d-f5a3f8449360" ,
"relationship--a7c594cc-3c6a-43d5-a0ad-af14eb8a108b" ,
"relationship--9345de37-ab69-4f24-a7b4-56344c1c2437" ,
"relationship--255a2c0e-450b-41cc-b435-243d9bb40842" ,
"relationship--04cdb027-4a2e-4486-8736-1e974901af54" ,
"relationship--7cbd0a06-1230-4fb6-94a7-96c68d76f4c1" ,
"relationship--92a6775a-3c0b-4cab-86ac-cb85a999c303" ,
"relationship--fe7cfbd1-f0b9-46db-9c81-a2befe3b5362" ,
"relationship--1dffff09-08bb-47dc-9d9b-5e35ca0f54bb"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\"" ,
"malware_classification:malware-category=\"Botnet\"" ,
"misp-galaxy:botnet=\"Mirai\"" ,
"misp-galaxy:tool=\"Mirai\"" ,
"misp-galaxy:tool=\"Gafgyt\"" ,
"misp-galaxy:botnet=\"Gafgyt\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b991454-051c-4bd8-a0bd-4e4a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-12T13:27:58.000Z" ,
"modified" : "2018-09-12T13:27:58.000Z" ,
"first_observed" : "2018-09-12T13:27:58Z" ,
"last_observed" : "2018-09-12T13:27:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b991454-051c-4bd8-a0bd-4e4a950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b991454-051c-4bd8-a0bd-4e4a950d210f" ,
"value" : "https://researchcenter.paloaltonetworks.com/2018/09/unit42-multi-exploit-iotlinux-botnets-mirai-gafgyt-target-apache-struts-sonicwall/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b991479-1434-4a91-9224-493c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-12T13:28:25.000Z" ,
"modified" : "2018-09-12T13:28:25.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Unit 42 has uncovered new variants of the well-known IoT botnets Mirai and Gafgyt. These are the IoT botnets associated with unprecedented Distributed Denial of Service attacks in November 2016 and since.\r\n\r\nThese variants are notable for two reasons:\r\n\r\n The new Mirai version targets the same Apache Struts vulnerability associated with the Equifax data breach in 2017.\r\n The new Gafgyt version targets a newly disclosed vulnerability affecting older, unsupported versions of SonicWall\u00e2\u20ac\u2122s Global Management System (GMS).\r\n\r\nThese developments suggest these IOT botnets are increasingly targeting enterprise devices with outdated versions.\r\n\r\nAll organizations should ensure they keep not only their systems up-to-date and patched, but also their IoT devices. For Palo Alto Networks customers, WidlFire detects all related samples with malicious verdicts. Additional protections are noted in the conclusion below."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a17a9-46f4-4829-a645-41bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:54:17.000Z" ,
"modified" : "2018-09-13T07:54:17.000Z" ,
"pattern" : "[domain-name:value = 'l.ocalhost.host']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:54:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a17aa-17d8-479d-a049-4e2d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:54:18.000Z" ,
"modified" : "2018-09-13T07:54:18.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.213']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:54:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a17aa-4d98-4ac5-8764-42f4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:54:18.000Z" ,
"modified" : "2018-09-13T07:54:18.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.10.68.127']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:54:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a0d50-ad90-4793-b2d8-41d2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:10:08.000Z" ,
"modified" : "2018-09-13T07:10:08.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = 'd6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a11b0-9f94-4354-a268-43aa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:28:48.000Z" ,
"modified" : "2018-09-13T07:28:48.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = '710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:28:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a11bd-ec9c-4b8b-97d3-4f7a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:29:01.000Z" ,
"modified" : "2018-09-13T07:29:01.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = '52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:29:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a11e6-9cdc-41f5-98f9-4912950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:29:42.000Z" ,
"modified" : "2018-09-13T07:29:42.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = '078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:29:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a11f0-9c10-492e-9b51-4257950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:29:52.000Z" ,
"modified" : "2018-09-13T07:29:52.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = 'ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:29:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1248-1f28-48ac-be89-45c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:31:20.000Z" ,
"modified" : "2018-09-13T07:31:20.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = '49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:31:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a125e-9f20-423b-b45f-4054950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:31:42.000Z" ,
"modified" : "2018-09-13T07:31:42.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = '99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:31:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1279-20f4-4f5e-b2dc-48ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:32:09.000Z" ,
"modified" : "2018-09-13T07:32:09.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = 'ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:32:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1288-1af0-4da4-8f3a-447b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:32:24.000Z" ,
"modified" : "2018-09-13T07:32:24.000Z" ,
"description" : "Sample with Apache Struts exploit CVE-2017-5638" ,
"pattern" : "[file:hashes.SHA256 = '1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:32:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1312-b374-493c-986d-49bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:34:42.000Z" ,
"modified" : "2018-09-13T07:34:42.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = '1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:34:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a131f-bec4-4d20-baea-4929950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:34:55.000Z" ,
"modified" : "2018-09-13T07:34:55.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = '29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1333-b508-45d9-9896-4e23950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:35:15.000Z" ,
"modified" : "2018-09-13T07:35:15.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = '39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:35:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1346-5384-4908-a5a8-4df7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:35:34.000Z" ,
"modified" : "2018-09-13T07:35:34.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = '596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a14da-00bc-4f8c-92b4-4c86950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:42:18.000Z" ,
"modified" : "2018-09-13T07:42:18.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = '68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:42:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a14e9-221c-4e02-b682-4575950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:42:33.000Z" ,
"modified" : "2018-09-13T07:42:33.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = '92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:42:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1501-cc14-4764-bf87-46cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:42:57.000Z" ,
"modified" : "2018-09-13T07:42:57.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = 'aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1512-a77c-4500-a8c9-4481950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:43:14.000Z" ,
"modified" : "2018-09-13T07:43:14.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = 'd8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:43:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1527-6be8-4405-8242-44f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:43:35.000Z" ,
"modified" : "2018-09-13T07:43:35.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = 'dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:43:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1534-31f8-4c5b-9d0b-4dc8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:43:48.000Z" ,
"modified" : "2018-09-13T07:43:48.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = 'f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:43:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b9a1541-1924-4272-80b3-4240950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T07:44:01.000Z" ,
"modified" : "2018-09-13T07:44:01.000Z" ,
"description" : "Sample with Sonicwall GMS exploit CVE-2018-9866" ,
"pattern" : "[file:hashes.SHA256 = 'fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T07:44:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b9a386e-b6e4-47be-8342-4230950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T10:14:06.000Z" ,
"modified" : "2018-09-13T10:14:06.000Z" ,
"name" : "CVE-2017-5638" ,
"description" : "The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-5638"
} ,
{
"source_name" : "url" ,
"url" : "https://cve.circl.lu/cve/CVE-2017-5638"
} ,
{
"source_name" : "url" ,
"url" : "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"
} ,
{
"source_name" : "url" ,
"url" : "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"
} ,
{
"source_name" : "url" ,
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt"
} ,
{
"source_name" : "url" ,
"url" : "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"
} ,
{
"source_name" : "url" ,
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
] ,
"x_misp_cvss_score" : "10" ,
"x_misp_modified" : "2018-03-03T21:29:00" ,
"x_misp_published" : "2017-10-03T21:59:00" ,
"x_misp_state" : "Published"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b9a3982-b92c-4520-9b89-4a5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T10:18:42.000Z" ,
"modified" : "2018-09-13T10:18:42.000Z" ,
"name" : "CVE-2018-9866" ,
"description" : "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance\\'s, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2018-9866"
}
] ,
"x_misp_modified" : "2018-03-08T16:29:00" ,
"x_misp_published" : "2018-03-08T16:29:00" ,
"x_misp_state" : "Published"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b9a3a3a-ed68-4f01-9808-438e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T10:21:46.000Z" ,
"modified" : "2018-09-13T10:21:46.000Z" ,
"name" : "CVE-2017-6884" ,
"description" : "A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-6884"
}
] ,
"x_misp_cvss_score" : "9" ,
"x_misp_published" : "2017-06-04T13:59:00" ,
"x_misp_state" : "Published"
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5b9a3b33-9c4c-4549-b0e2-4c6e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T10:25:55.000Z" ,
"modified" : "2018-09-13T10:25:55.000Z" ,
"name" : "CVE-2017-17215" ,
"description" : "Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code." ,
"labels" : [
"misp:name=\"vulnerability\"" ,
"misp:meta-category=\"vulnerability\"" ,
"misp:to_ids=\"False\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2017-17215"
}
] ,
"x_misp_cvss_score" : "6.5" ,
"x_misp_modified" : "2018-04-19T11:04:00" ,
"x_misp_published" : "2018-03-20T11:29:00" ,
"x_misp_state" : "Published"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c9655c57-1760-44de-8ccc-7029b572eae9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:47.000Z" ,
"modified" : "2018-09-13T13:36:47.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e0b32c133cedca69b05dd3a9dd6e1910' AND file:hashes.SHA1 = 'ff7c182fb460d62195d1bae8c394b2e81182defe' AND file:hashes.SHA256 = '710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:36:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:45.000Z" ,
"modified" : "2018-09-13T13:36:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-13T01:25:45" ,
"category" : "Other" ,
"uuid" : "cbaa39a5-ae89-497b-ba65-0901ebe6762b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/710d56a90b5f61c7ae82fcf305d23d48476e4f237ffff9d68b961171f168f255/analysis/1536801945/" ,
"category" : "External analysis" ,
"uuid" : "279a4f6c-0ce4-4d69-9af0-dc6b013928db"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/58" ,
"category" : "Other" ,
"uuid" : "75778552-b07e-4f8b-85bf-eaaeee5be422"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:49.000Z" ,
"modified" : "2018-09-13T13:36:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '6a77f21e15a0a4763e86d166763dbd05' AND file:hashes.SHA1 = 'a4a4d892d04f516261c2fa4c56de3ff21afd2812' AND file:hashes.SHA256 = '29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:36:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:47.000Z" ,
"modified" : "2018-09-13T13:36:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-13T01:25:59" ,
"category" : "Other" ,
"uuid" : "ea58763f-c5f9-4765-a316-a8ee71d3fccd"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/29540468514cd48b6c2571722018dffb49d12f99c95b248a44a1455fff01acfb/analysis/1536801959/" ,
"category" : "External analysis" ,
"uuid" : "c949938e-0e64-43e0-944a-40a3b391d0aa"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/58" ,
"category" : "Other" ,
"uuid" : "70c9ab68-2528-495d-a5a8-78d179b63a00"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:51.000Z" ,
"modified" : "2018-09-13T13:36:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '1998b2f489c4da5ecafe7fb5cc790575' AND file:hashes.SHA1 = '13c72eb4c783b74046aeb53f50173eccfb64c7ca' AND file:hashes.SHA256 = 'ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:36:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:50.000Z" ,
"modified" : "2018-09-13T13:36:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T06:12:03" ,
"category" : "Other" ,
"uuid" : "1144ae7f-5675-47d6-97f0-df298c23cbb1"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ef090093496ccdab506848166a07554bfa74eb98a0546171b84fc73861f67c79/analysis/1536646323/" ,
"category" : "External analysis" ,
"uuid" : "c4d12609-ad7a-4cff-8bb6-259c956faaf7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/59" ,
"category" : "Other" ,
"uuid" : "bb80ca2b-f4ce-47e0-949f-c3b0b611c005"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:54.000Z" ,
"modified" : "2018-09-13T13:36:54.000Z" ,
"pattern" : "[file:hashes.MD5 = '218821892d5d5e460101d6914cfe2a3d' AND file:hashes.SHA1 = '1da48a03224df6397f2215cd6b79308dbda7cf86' AND file:hashes.SHA256 = 'dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:36:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:52.000Z" ,
"modified" : "2018-09-13T13:36:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-10T14:18:14" ,
"category" : "Other" ,
"uuid" : "db64872a-34a9-4bf5-adf4-a6aaa45cf956"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/dafe1b513183902692c8ba8b2a95fede7c13937e49bf21294de448df05edff18/analysis/1536589094/" ,
"category" : "External analysis" ,
"uuid" : "0a9bcc4e-e99a-4e38-9585-e27415770029"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "16/59" ,
"category" : "Other" ,
"uuid" : "84e65e5c-1e5f-41ac-93c2-97f15f9a571d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:56.000Z" ,
"modified" : "2018-09-13T13:36:56.000Z" ,
"pattern" : "[file:hashes.MD5 = '3df581337af37f4e66be5026062dcfb2' AND file:hashes.SHA1 = '61116e2b1614cebeed29b489d699f4bbcf217fa3' AND file:hashes.SHA256 = '52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:36:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:54.000Z" ,
"modified" : "2018-09-13T13:36:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-13T07:59:15" ,
"category" : "Other" ,
"uuid" : "43e8d1b7-22fd-4ab9-899c-4473ad895757"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/52274c46933c20aaf64fd4c11557143fcfdc76eef192743fafd1b3a8bed3f4d2/analysis/1536825555/" ,
"category" : "External analysis" ,
"uuid" : "01ffe445-591f-4e55-bcb0-8bfbaebf687f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/57" ,
"category" : "Other" ,
"uuid" : "5c91c16b-b4f8-4c3a-b62b-236a1c911f46"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:58.000Z" ,
"modified" : "2018-09-13T13:36:58.000Z" ,
"pattern" : "[file:hashes.MD5 = '9387e4ce5b53ee19af2dafcf8c5aedd1' AND file:hashes.SHA1 = '8588546bc5ca10137fc6d2268085a2173a7638c8' AND file:hashes.SHA256 = 'ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:36:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:57.000Z" ,
"modified" : "2018-09-13T13:36:57.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-10T14:15:40" ,
"category" : "Other" ,
"uuid" : "ceb2089f-f043-4d4b-84b0-744285914f35"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ae2354a5d8b84fb6ea6fc4b9ca3060959d5c0c77684cd2100731df2a3c7a204e/analysis/1536588940/" ,
"category" : "External analysis" ,
"uuid" : "54a8e308-a2f0-4e97-9ecf-ca11a4f431a0"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/57" ,
"category" : "Other" ,
"uuid" : "8387e690-d923-4f33-8cde-768ab505083f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:01.000Z" ,
"modified" : "2018-09-13T13:37:01.000Z" ,
"pattern" : "[file:hashes.MD5 = '75cbd3709696219b94d1355349348e84' AND file:hashes.SHA1 = '3a9a06a2f2efdf1fed10793fa7220730bc315af1' AND file:hashes.SHA256 = '49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:36:59.000Z" ,
"modified" : "2018-09-13T13:36:59.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-13T01:26:10" ,
"category" : "Other" ,
"uuid" : "69f9765e-d423-4a90-b910-952b150e503e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/49cdb537f5e4081362545532a623f597212c8cea847cf9f2b2f1fe1f3cd0ec2f/analysis/1536801970/" ,
"category" : "External analysis" ,
"uuid" : "740f1058-5283-4224-8dc0-44d8a81a9214"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/57" ,
"category" : "Other" ,
"uuid" : "1c63801e-198c-46e3-9eb9-df05d0b1e755"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:05.000Z" ,
"modified" : "2018-09-13T13:37:05.000Z" ,
"pattern" : "[file:hashes.MD5 = 'af525f736a3d31837e16575136752d2b' AND file:hashes.SHA1 = 'adde5df82821d40c8821452f38704dc70f378eb9' AND file:hashes.SHA256 = '68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:03.000Z" ,
"modified" : "2018-09-13T13:37:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T06:00:17" ,
"category" : "Other" ,
"uuid" : "b91a61f5-ebae-4f5e-9556-0f4f47bebc45"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/68b27935c7d064478339f7d95b57ff06ffa1efbd81009b4a2870c5cf3e0b0b35/analysis/1536645617/" ,
"category" : "External analysis" ,
"uuid" : "b64fd84b-850e-4cf1-8608-0e345e8ebaec"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "25/59" ,
"category" : "Other" ,
"uuid" : "e1074a2c-3c90-45e1-aaed-fb41141987b3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b93e361e-6457-475a-8466-3229a898dd5d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:07.000Z" ,
"modified" : "2018-09-13T13:37:07.000Z" ,
"pattern" : "[file:hashes.MD5 = '6a6307b57a6baf33f9bf148b3fecd9a4' AND file:hashes.SHA1 = 'a6a3190afc1c87c98c3ba6b8c82c230b11a02565' AND file:hashes.SHA256 = 'f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:07.000Z" ,
"modified" : "2018-09-13T13:37:07.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-10T14:19:02" ,
"category" : "Other" ,
"uuid" : "7431f176-47a0-4aeb-a93a-b5b8aaa3155d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f89d742c4d3312ac9bd707a9135235482c554e369cb646dcd97f6a14b4210136/analysis/1536589142/" ,
"category" : "External analysis" ,
"uuid" : "b9f2a194-9392-41fd-9849-9953d0b6a129"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "16/59" ,
"category" : "Other" ,
"uuid" : "767f6eaf-08b2-4b5e-929c-9cd867b9bebe"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:11.000Z" ,
"modified" : "2018-09-13T13:37:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '9bcf535899fe77d4f3c78f3bd9810e10' AND file:hashes.SHA1 = '0baafb0dc6ecefdda5c131e8128aa6ac698b7c1f' AND file:hashes.SHA256 = 'd8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:10.000Z" ,
"modified" : "2018-09-13T13:37:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T06:10:07" ,
"category" : "Other" ,
"uuid" : "39767421-d6e6-4589-aedd-6988492548f7"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d8fbf6d68993045b4840729c788665ab10c50c42b27246a290031664f3b956eb/analysis/1536646207/" ,
"category" : "External analysis" ,
"uuid" : "ecc5384b-1a99-472c-a1fa-79c3d4bdb50e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/59" ,
"category" : "Other" ,
"uuid" : "2f4bbc93-4fc7-4d0e-9471-159600402a6b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:14.000Z" ,
"modified" : "2018-09-13T13:37:14.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e407843bffcf913dfd4fa816b067c33c' AND file:hashes.SHA1 = 'b73865efa77e07a75eb3bdd24d95a92b301a0a74' AND file:hashes.SHA256 = '078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:12.000Z" ,
"modified" : "2018-09-13T13:37:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-12T10:59:31" ,
"category" : "Other" ,
"uuid" : "197fd2f8-187a-4dd4-827c-333abecba11e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/078eef70d754e9b64bc783f085846a2e8ae419653a79ed2386c4ade86fde68cb/analysis/1536749971/" ,
"category" : "External analysis" ,
"uuid" : "acd59703-f3e3-4fea-b989-174c2f4e44b4"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/57" ,
"category" : "Other" ,
"uuid" : "cb23a3ca-b153-4074-bb77-1007af2b3d1b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:16.000Z" ,
"modified" : "2018-09-13T13:37:16.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b324726c2a526fd98b06145b557408f0' AND file:hashes.SHA1 = '95e7b1213aa808678cd04cd1befdebba8b37ebf7' AND file:hashes.SHA256 = '99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:15.000Z" ,
"modified" : "2018-09-13T13:37:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T07:55:29" ,
"category" : "Other" ,
"uuid" : "c43399fa-212e-4d49-b8e4-16b9c17a87ee"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/99c22a0c0e252ab123fb3167f49d94dc12960b79565ca6dfd28f2ff5b0346348/analysis/1536652529/" ,
"category" : "External analysis" ,
"uuid" : "3b6822a4-4f37-4f1e-91be-01b076bbbbff"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/59" ,
"category" : "Other" ,
"uuid" : "ba72f04f-02a5-49e6-aa16-29dd0e33b163"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:19.000Z" ,
"modified" : "2018-09-13T13:37:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '6b33b5c8d7e57e3c1c674eb1ffaf2cb2' AND file:hashes.SHA1 = '8606fd59486682c5fe32e3b1d1df622922e734e8' AND file:hashes.SHA256 = 'aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:17.000Z" ,
"modified" : "2018-09-13T13:37:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-10T09:43:09" ,
"category" : "Other" ,
"uuid" : "9aae846b-805c-430a-9fc3-855881423ded"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/aab0ec600cdf57f28f9480ff3a9d3547f699af005c015b74c5c9e39a992570b6/analysis/1536572589/" ,
"category" : "External analysis" ,
"uuid" : "207f6dfe-b3ac-41ec-8363-228ac90d09c7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/58" ,
"category" : "Other" ,
"uuid" : "0677f378-8f0c-4473-a74b-505cc2a6cad0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:21.000Z" ,
"modified" : "2018-09-13T13:37:21.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd26bf0c4bef27196aae4b0b533877f16' AND file:hashes.SHA1 = '96575a020408a67d03d0058735090d601df2e1a8' AND file:hashes.SHA256 = 'd6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:20.000Z" ,
"modified" : "2018-09-13T13:37:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-10T13:23:05" ,
"category" : "Other" ,
"uuid" : "c75451f3-6f0d-436d-a3cf-f526d6f2b115"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d6648a36f55d6b8ffd034df7d04156d31411719ce9bc28e6d30c8427feacb397/analysis/1536585785/" ,
"category" : "External analysis" ,
"uuid" : "9147ab65-176e-4e95-a4ae-1a21d12d51a9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "19/60" ,
"category" : "Other" ,
"uuid" : "034e3e61-12fc-4acf-8974-1301ef7d8113"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:23.000Z" ,
"modified" : "2018-09-13T13:37:23.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f8e0ec8a7c6629c2f206c2b8860ded3f' AND file:hashes.SHA1 = '9d00562ca754411b4158d4e0e953e486cc4b3886' AND file:hashes.SHA256 = '596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:22.000Z" ,
"modified" : "2018-09-13T13:37:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T05:10:56" ,
"category" : "Other" ,
"uuid" : "f757360f-d424-412b-9e62-c6c4ef056a61"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/596270e91ccee3ec04a552bafde586af127ecac7141852edb9707ac6c4779a99/analysis/1536642656/" ,
"category" : "External analysis" ,
"uuid" : "164f4b29-d0f9-4c29-adde-2b124d558914"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "22/58" ,
"category" : "Other" ,
"uuid" : "fca216f8-84e9-4497-9ad3-090cb3a399ed"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--25927348-f7e5-4c73-bb65-1a697c164887" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:26.000Z" ,
"modified" : "2018-09-13T13:37:26.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd1dffadb8f075c8d4fe822fa81a3ddb1' AND file:hashes.SHA1 = 'c90535a54d0494b981c6a4f09b331762cebbfcc9' AND file:hashes.SHA256 = 'fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:24.000Z" ,
"modified" : "2018-09-13T13:37:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T05:09:31" ,
"category" : "Other" ,
"uuid" : "4dcd8a36-6411-416b-aba9-64c1818398cb"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fab034d705b3ad7a10101858daf5da93a88f8bfd509dee9b8072678b27290ed3/analysis/1536642571/" ,
"category" : "External analysis" ,
"uuid" : "aac80e1e-6cdc-467f-8771-7e72effbc129"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/60" ,
"category" : "Other" ,
"uuid" : "08caff6d-2bd9-48af-8850-d27b75126967"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:28.000Z" ,
"modified" : "2018-09-13T13:37:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '943aa993dd600b3c8080e7a064cf5568' AND file:hashes.SHA1 = '9828898850d3e69d16b8ff312635e95ecf4478e9' AND file:hashes.SHA256 = '39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:26.000Z" ,
"modified" : "2018-09-13T13:37:26.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T05:54:54" ,
"category" : "Other" ,
"uuid" : "771d6784-63d7-403d-aeb5-a20134c399f2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/39891a1c13e4e6ec9de410201f697d23c05e83a29ec0010c6c62c6829386e6a6/analysis/1536645294/" ,
"category" : "External analysis" ,
"uuid" : "b3fa45af-080f-4132-a8de-4c8f487f2a2c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/59" ,
"category" : "Other" ,
"uuid" : "edc16cb6-6700-4b30-99be-5f415c0f498c"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--41a04017-73fb-4631-887a-0671543e7f41" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:31.000Z" ,
"modified" : "2018-09-13T13:37:31.000Z" ,
"pattern" : "[file:hashes.MD5 = 'dd0d4d4196735db691a77ad2201fcb2a' AND file:hashes.SHA1 = '2e9676699462fbb3b36ad205a8189e93fd68599e' AND file:hashes.SHA256 = '1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:29.000Z" ,
"modified" : "2018-09-13T13:37:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T05:50:49" ,
"category" : "Other" ,
"uuid" : "5d064180-dde6-47df-9e92-52108e0b2c1b"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1814c010f5e7391c7ea38850f9caf0771866e315f8d0c58c563818e71d30c208/analysis/1536645049/" ,
"category" : "External analysis" ,
"uuid" : "0a7cb0a0-13d8-40d4-9e47-8f273ce41258"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/59" ,
"category" : "Other" ,
"uuid" : "d0ec1e2b-44aa-4792-9faf-1a294393e2a5"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:33.000Z" ,
"modified" : "2018-09-13T13:37:33.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f6388e1650573bac1f933011acda71f2' AND file:hashes.SHA1 = '86e7114c21dfdbcefd90f61426b9ce88d2698b12' AND file:hashes.SHA256 = '1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:31.000Z" ,
"modified" : "2018-09-13T13:37:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T05:50:55" ,
"category" : "Other" ,
"uuid" : "127ea910-669d-448c-962d-5688970e3f1c"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1913cf8e65114136cc309e72c384b717f0aeaaeae0c040188648c4afebce1669/analysis/1536645055/" ,
"category" : "External analysis" ,
"uuid" : "9e604b76-733e-41a3-a577-cebe99f787b6"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/59" ,
"category" : "Other" ,
"uuid" : "5052f9c6-992e-4ea7-a3c0-8c9e1b4c3e16"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '2b0919caab591515af6ff99fb76896e8' AND file:hashes.SHA1 = '99ff9c25bc2e0a874ca4090abb6c612ea984c30c' AND file:hashes.SHA256 = '92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-09-13T13:37:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-09-13T13:37:34.000Z" ,
"modified" : "2018-09-13T13:37:34.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-12T01:40:46" ,
"category" : "Other" ,
"uuid" : "4f66e666-cc07-49b1-95d4-649d6b094a43"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/92a4c6ae034c3a03c21b74bdc00264192e60a85deedd90b99a3e350758eb85c1/analysis/1536716446/" ,
"category" : "External analysis" ,
"uuid" : "8ec552cc-d839-4117-a6e0-824ba5d25e68"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "23/59" ,
"category" : "Other" ,
"uuid" : "26b9502d-8ad2-45bf-b828-6b68cba58d6b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--56dd705a-6f8d-438d-8ef4-7a680af25283" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c9655c57-1760-44de-8ccc-7029b572eae9" ,
"target_ref" : "x-misp-object--09f198df-da65-491a-b0aa-b776a71ebd10"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--4a1a7c2f-c614-446a-b601-095219736b05" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--85dcb3db-5f44-45ce-91ed-474e10a184ce" ,
"target_ref" : "x-misp-object--2f799c8d-3791-4020-8203-8f673107e71a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--f3f1d35f-255e-4aa0-826e-9f1ae5c1f915" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5892a64f-3a60-4d35-b243-5b5ee982d5aa" ,
"target_ref" : "x-misp-object--c0c775a5-3da7-4a09-b2b3-401164eadeb0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--6a4c04a1-0caa-40c9-a19a-5281399eedc4" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b8d711a9-9a6e-4659-b9b2-b42dc5fb64bd" ,
"target_ref" : "x-misp-object--526f5584-f6ca-47e3-9fa6-94a38edeac72"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--db2d708e-96e4-4673-81d5-1d26d03afdf4" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3bd19fac-4ad2-4d33-b023-7359e714c116" ,
"target_ref" : "x-misp-object--c28acd19-e6ca-4fa4-a444-c884b75c7a0a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--4dfe1954-ed3d-42d8-9551-1e90bee03e85" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--832a413e-bc2f-47a6-b913-d9ae101ea8d0" ,
"target_ref" : "x-misp-object--ef7a87c9-d339-48a4-a939-93db4c14e085"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--31237cbe-e089-45b9-b979-a07058b7ffa8" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--fd8a9a4d-bf88-4db4-b070-cda698f7e250" ,
"target_ref" : "x-misp-object--24952aa6-ab94-4152-af25-3437ccf8a6d4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--67cbe7ee-3ca6-4d9a-9fcb-12bdac29123f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8eff451c-0576-4361-b4a7-a4e2f7949bd5" ,
"target_ref" : "x-misp-object--5f60eec5-1e31-47a7-a572-3c69ff9cbd7d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--19397c59-aaa1-4eab-8099-3b76297591e8" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b93e361e-6457-475a-8466-3229a898dd5d" ,
"target_ref" : "x-misp-object--c0ada5f7-d274-4011-9a05-b1bdb2ebe146"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9c54ab44-a150-4ea1-a3c8-dbdcbb298e5a" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5eddfb2f-6cc7-461f-b6ce-136882e44252" ,
"target_ref" : "x-misp-object--50f46239-1bfb-4c67-aa7d-37f5d327db89"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9b3c6e1a-33c6-44a5-b466-5419f7e5fc74" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1409de38-3c59-48e4-bc96-95e5d351ba78" ,
"target_ref" : "x-misp-object--8c3716af-2702-42c0-af1d-ffb02e2e5418"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--adb01705-92c9-4b65-822d-f5a3f8449360" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a85d42ef-debd-451d-815b-ff5467bd75b2" ,
"target_ref" : "x-misp-object--17cf418e-64b5-41ec-922b-54d42d0ee510"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--a7c594cc-3c6a-43d5-a0ad-af14eb8a108b" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f04ab39a-7beb-4615-b61f-b246d5530a1d" ,
"target_ref" : "x-misp-object--9b32fc2b-5313-4b24-b254-76b77752b779"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--9345de37-ab69-4f24-a7b4-56344c1c2437" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--01a176a0-f1c1-4ead-8cc6-a657d617f57d" ,
"target_ref" : "x-misp-object--499422cf-0c27-46f7-9926-fbabf396ce2f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--255a2c0e-450b-41cc-b435-243d9bb40842" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:35.000Z" ,
"modified" : "2018-09-13T13:37:35.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--11eb620d-cf54-4826-a5e1-cd47cf0c42c8" ,
"target_ref" : "x-misp-object--3a5d4ca6-6c1c-45c8-b969-f42e24018080"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--04cdb027-4a2e-4486-8736-1e974901af54" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:36.000Z" ,
"modified" : "2018-09-13T13:37:36.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--25927348-f7e5-4c73-bb65-1a697c164887" ,
"target_ref" : "x-misp-object--bd12dbfb-3c97-438b-9431-b91856a77007"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--7cbd0a06-1230-4fb6-94a7-96c68d76f4c1" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:36.000Z" ,
"modified" : "2018-09-13T13:37:36.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cd8a9a3f-2459-42e5-a868-efddc1ea6ac4" ,
"target_ref" : "x-misp-object--bfd604f5-f81f-4c06-a20b-776c02c983e0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--92a6775a-3c0b-4cab-86ac-cb85a999c303" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:36.000Z" ,
"modified" : "2018-09-13T13:37:36.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--41a04017-73fb-4631-887a-0671543e7f41" ,
"target_ref" : "x-misp-object--bda04530-cb00-4b96-b39a-8a9f8e68e4b7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--fe7cfbd1-f0b9-46db-9c81-a2befe3b5362" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:36.000Z" ,
"modified" : "2018-09-13T13:37:36.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a4c7f3b3-28f7-48c2-ba26-e788139df68d" ,
"target_ref" : "x-misp-object--6aa5bf4e-0751-467c-b327-1883ce155cb3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2024-08-07 08:13:15 +00:00
"id" : "relationship--1dffff09-08bb-47dc-9d9b-5e35ca0f54bb" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-09-13T13:37:36.000Z" ,
"modified" : "2018-09-13T13:37:36.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0ac97056-2d5a-45ae-876d-966288ca2ba9" ,
"target_ref" : "x-misp-object--7a81dcbd-cd16-405c-b04c-04b5aab112bf"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}