{
"type" : "bundle" ,
"id" : "bundle--5c38b6ad-57ec-4f95-9986-4537950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:06:18.000Z" ,
"modified" : "2019-01-17T11:06:18.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--5c38b6ad-57ec-4f95-9986-4537950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:06:18.000Z" ,
"modified" : "2019-01-17T11:06:18.000Z" ,
"name" : "OSINT - Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"observed-data--5c38b6de-fdb0-4208-8025-3179950d210f" ,
"url--5c38b6de-fdb0-4208-8025-3179950d210f" ,
"observed-data--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"file--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"artifact--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"indicator--5c3c68bd-69c0-4767-a1e7-f340950d210f" ,
"indicator--5c3c68be-70f0-49c1-a063-f340950d210f" ,
"observed-data--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"file--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"artifact--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"indicator--5c3c921d-e76c-4a2d-883a-4fbf950d210f" ,
"indicator--5c3c921e-5910-439b-9da1-45da950d210f" ,
"x-misp-attribute--5c3c9477-f1d0-4728-a826-4916950d210f" ,
"observed-data--5c3ca6a7-1228-4f42-beea-485c950d210f" ,
"url--5c3ca6a7-1228-4f42-beea-485c950d210f" ,
"observed-data--5c3ca6a7-904c-4546-8ffc-485c950d210f" ,
"url--5c3ca6a7-904c-4546-8ffc-485c950d210f" ,
"x-misp-attribute--5c3ef39c-1830-4b4e-9d05-4b97950d210f" ,
"indicator--5c3c6597-a1f8-48fd-b501-48b3950d210f" ,
"x-misp-object--5c3c68e0-93a0-4538-8457-4175950d210f" ,
"indicator--5c3c9879-1ec4-418f-8927-4fbf950d210f" ,
"indicator--5c3c9892-4e90-4b96-9acf-4980950d210f" ,
"indicator--5c3c9aa9-0bd8-4d68-9796-4d2b950d210f" ,
"indicator--5c3c9ab9-04b8-48b6-8254-4128950d210f" ,
"indicator--5c3c9ad0-cdc8-4e7d-a258-4a21950d210f" ,
"x-misp-object--5c3c9ece-49f4-41d4-be5b-4af2950d210f" ,
"x-misp-object--5c3c9f17-2804-4008-9d29-4e9c950d210f" ,
"x-misp-object--5c3c9fc4-7b34-4e1c-9d6a-0e5b950d210f" ,
"x-misp-object--5c3c9fd8-4350-4890-8854-0fcf950d210f" ,
"x-misp-object--5c3c9ff0-57b0-4c74-b39b-4e07950d210f" ,
"x-misp-object--5c3c9ffe-bbe0-4cea-a025-458f950d210f" ,
"x-misp-object--5c3ca032-0350-4e27-8808-43fa950d210f" ,
"x-misp-object--5c3ca045-9d9c-4df5-a52f-4df9950d210f" ,
"x-misp-object--5c3ca053-b55c-4a3b-9c0e-1b22950d210f" ,
"x-misp-object--5c3ca05e-67d0-4626-b737-1b22950d210f" ,
"x-misp-object--5c3ca06e-37c0-45c0-b500-42ab950d210f" ,
"x-misp-object--5c3ca07d-8c54-43df-aaa6-4091950d210f" ,
"x-misp-object--5c3ca08c-4cd4-4e79-943c-42a1950d210f" ,
"x-misp-object--5c3ca0a0-b498-4df7-a348-403a950d210f" ,
"x-misp-object--5c3ca0b2-e2e4-49a7-84a2-4e77950d210f" ,
"x-misp-object--5c3ca0db-d8dc-45cc-97ef-4d02950d210f" ,
"x-misp-object--5c3ca0ee-26cc-442d-a961-41cc950d210f" ,
"x-misp-object--5c3ca0fe-9f74-403b-ac4c-4475950d210f" ,
"x-misp-object--5c3ca111-42cc-4aa9-bcf3-4399950d210f" ,
"x-misp-object--5c3ca11e-d4c8-4584-9bf0-4b2e950d210f" ,
"x-misp-object--5c3ca12b-2fbc-4953-89d5-43c3950d210f" ,
"x-misp-object--5c3ca1ac-f678-4859-9436-1622950d210f" ,
"x-misp-object--5c3ca30f-c224-40b0-91dc-0fcf950d210f" ,
"x-misp-object--5c3ca323-ee2c-48b6-a809-1623950d210f" ,
"x-misp-object--5c3ca346-b08c-413f-a93b-4d26950d210f" ,
"x-misp-object--5c3ca355-effc-4453-81b7-0fcf950d210f" ,
"x-misp-object--5c3ca363-e6dc-4023-8dac-4212950d210f" ,
"x-misp-object--5c3ca376-58f4-42b6-b8c7-4f0c950d210f" ,
"x-misp-object--5c3ca382-484c-479c-8ced-4ff3950d210f" ,
"x-misp-object--5c3ca391-7268-4cdf-a541-0fcf950d210f" ,
"x-misp-object--5c3ca39c-2148-4405-b622-0fcf950d210f" ,
"x-misp-object--5c3ca3a8-69f8-4e7a-84f4-0fcf950d210f" ,
"x-misp-object--5c3ca3b5-af08-4e27-84c0-34c1950d210f" ,
"x-misp-object--5c3ca3c1-60a0-4cd6-a0f4-34c1950d210f" ,
"x-misp-object--5c3ca3cd-5970-45f4-9ec3-34c1950d210f" ,
"x-misp-object--5c3ca3da-4fe0-4dc1-af2b-4fb4950d210f" ,
"x-misp-object--5c3ca3e7-a2c0-4ba9-8776-470a950d210f" ,
"x-misp-object--5c3ca3f5-fd00-448d-b2e2-4bc7950d210f" ,
"indicator--5c3ca414-cc8c-489c-a3d8-4197950d210f" ,
"indicator--5c3ca430-14a0-4686-a379-4954950d210f" ,
"indicator--5c3ca44b-3c10-4500-95d9-44b1950d210f" ,
"indicator--5c3ca60e-a128-48ac-91e8-34c1950d210f" ,
"indicator--5c3ca627-8918-4c80-bf77-41e3950d210f" ,
"indicator--5c3ca63c-480c-4b45-a247-49ce950d210f" ,
"x-misp-object--5c3eeec8-c848-4681-b3f0-40bb950d210f" ,
"x-misp-object--5c3eeed7-b97c-4424-bf19-44f4950d210f" ,
"x-misp-object--5c3eeee6-04e4-4dcf-a635-4346950d210f" ,
"x-misp-object--5c3eeef5-88bc-4d76-a767-40a5950d210f" ,
"x-misp-object--5c3eef06-5570-467e-8d4b-43b2950d210f" ,
"x-misp-object--5c3eef14-0a24-40e0-aca2-490b950d210f" ,
"x-misp-object--5c3eef22-0490-4ded-a738-4edd950d210f" ,
"indicator--5c3ef0ce-3fb0-4de5-9820-475b950d210f" ,
"indicator--5c3ef0e4-70f4-4d3b-b36e-4e60950d210f" ,
"indicator--5c3ef0fa-4aa0-4e22-b3f7-4bf3950d210f" ,
"indicator--5c3ef10a-fb10-41e9-b710-403d950d210f" ,
"indicator--5c3ef1a1-987c-4f5a-bb4e-47a3950d210f" ,
"indicator--5c3ef226-81f0-4f23-8d3f-4aa7950d210f" ,
"indicator--5c3ef238-a86c-4f40-a975-437a950d210f" ,
"indicator--5c3ef257-33b0-4544-b2e1-4cba950d210f" ,
"indicator--5c3ef271-e134-4e6c-8d95-4398950d210f" ,
"indicator--5c3ef287-0830-489a-9a3b-4e2e950d210f" ,
"indicator--cf1af478-774a-4ced-bd47-1b476fc876e5" ,
"x-misp-object--b37e0793-26b0-465c-a1ab-3fa09c9c3e1b" ,
"indicator--f8fd5ca1-d41b-428f-b8d9-ae1ec14c3604" ,
"x-misp-object--5a0351e8-1508-4154-9ea3-8c5c0f010e79" ,
"indicator--46c13dc4-015b-4326-bdae-6c3a75a4d1b0" ,
"x-misp-object--ed3bd964-31c2-4d64-b035-a83d7e1e1052" ,
"indicator--c017b55a-9656-472a-965c-b4acca1df9ea" ,
"x-misp-object--b15d1764-9f34-4abe-99cb-db9b784f2979" ,
"indicator--8564d09f-fa51-44ba-95d8-716de33a6fe9" ,
"x-misp-object--f01ca3c5-8df4-4b81-a250-24b35a6ac02c" ,
"indicator--4c8e7cf0-af3b-4bc6-b832-71613cceb30f" ,
"x-misp-object--633b4ecc-1f77-4c82-91c6-bb59a0b2c02c" ,
"indicator--3c8b753f-290b-47c6-a7fb-5fd688ee0b1f" ,
"x-misp-object--f42a3c68-34e4-4281-87a8-13f447260663" ,
"indicator--cef977f5-1919-4bf8-b68b-5f94e2f8769a" ,
"x-misp-object--bff9298c-ae77-4030-ac91-f375560dd069" ,
"indicator--ed80d4f6-49a7-414e-bbde-eb9b532ef6cc" ,
"x-misp-object--b22383ff-b594-4bc9-8447-42ac0ff61d0d" ,
"indicator--6ed686f8-db20-4a43-85ec-952321137954" ,
"x-misp-object--88ab7095-b2f6-4e5b-80fd-8e13b5715468" ,
"indicator--9fd48389-887a-4962-befb-892a01897907" ,
"x-misp-object--2398ac62-b417-4202-99e0-b929dc2ab683" ,
"indicator--1db5f0d2-4366-4d6b-8b76-63c78bebd8c1" ,
"x-misp-object--3e3a2a7a-c7e7-4d8d-96c7-53005aa1f2c5" ,
"indicator--275652a1-94fb-4eb9-bd65-55f3e5cb690f" ,
"x-misp-object--54a26bc3-3229-4ef3-8a0b-091f4fa8c849" ,
"indicator--c3ccabe7-4ad6-4766-8b0e-90420c63cb3f" ,
"x-misp-object--cb769b53-031c-4ad6-b179-075e755bd1ca" ,
"relationship--ae1ecb17-b6da-4305-b54f-587cb371dd7f" ,
"relationship--8eff6088-db48-4e88-aee4-745e42e6b8da" ,
"relationship--ae7726c1-9b6d-4a30-ad88-7905bdbc7fe6" ,
"relationship--db599a5c-09cd-4994-bb9f-6aee592b4de6" ,
"relationship--478d2cd2-3e5b-4643-8ad6-886b11393098" ,
"relationship--feef197c-53a3-4e49-982d-ebc4466e81c1" ,
"relationship--4434ecc8-d992-49d9-a2fb-ddbbd3acff39" ,
"relationship--5fd8ca97-b256-482a-886f-f86cf1039d16" ,
"relationship--cb350524-b191-4f88-ac6a-7287bb104987" ,
"relationship--764ef028-6c84-4fca-903b-b81b593b617d" ,
"relationship--d4ef7f9c-6238-4b75-96f2-7fc09833d136" ,
"relationship--4f229fd9-9c5b-438e-8c35-ebaa8fbc083e" ,
"relationship--3ad9804d-23ff-4eab-9960-d05c7dd53ffe" ,
"relationship--063d33a2-4b80-4d3e-a93d-b8aafe73753d"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"circl:incident-classification=\"malware\"" ,
"workflow:todo=\"expansion\"" ,
"misp-galaxy:malpedia=\"Ryuk\"" ,
"misp-galaxy:ransomware=\"Ryuk ransomware\"" ,
"misp-galaxy:threat-actor=\"GRIM SPIDER\"" ,
"misp-galaxy:threat-actor=\"WIZARD SPIDER\"" ,
"misp-galaxy:threat-actor=\"INDRIK SPIDER\"" ,
"misp-galaxy:threat-actor=\"MUMMY SPIDER\"" ,
"misp-galaxy:tool=\"Trick Bot\"" ,
"misp-galaxy:malpedia=\"TrickBot\"" ,
"misp-galaxy:banker=\"Trickbot\"" ,
"misp-galaxy:tool=\"Emotet\"" ,
"misp-galaxy:banker=\"Geodo\"" ,
"misp-galaxy:malpedia=\"Geodo\"" ,
"misp-galaxy:malpedia=\"Hermes Ransomware\"" ,
"misp-galaxy:ransomware=\"Hermes Ransomware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c38b6de-fdb0-4208-8025-3179950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T09:01:57.000Z" ,
"modified" : "2019-01-16T09:01:57.000Z" ,
"first_observed" : "2019-01-16T09:01:57Z" ,
"last_observed" : "2019-01-16T09:01:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c38b6de-fdb0-4208-8025-3179950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c38b6de-fdb0-4208-8025-3179950d210f" ,
"value" : "https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T10:42:06.000Z" ,
"modified" : "2019-01-14T10:42:06.000Z" ,
"first_observed" : "2019-01-14T10:42:06Z" ,
"last_observed" : "2019-01-14T10:42:06Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"artifact--5c3c677e-8a1c-40a7-9873-4ed3950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"name" : "RansomeNote-fig3.png" ,
"content_ref" : "artifact--5c3c677e-8a1c-40a7-9873-4ed3950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5c3c677e-8a1c-40a7-9873-4ed3950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A 84 A A A K n C A A A A A B y 8 k u i A A A A A X N S R 0 I A r s 4 c 6 Q A A y t V J R E F U e N r s / W d c V V m + q I 32 / d 1 z 7 n v P u f f d J 5 + z z 9 l 59 + 4 c q r u 6 q z p U V 3 V X d 0 U j O e c g o E g S U J A k C I q i g o h K E l Q E j B h A B V S i i I G c c 845 L B Y r P u + H t V A W a n X l 6 q 4 a z x c W Y 6 Y x 5 x z P G P 8 x 5 l p j f g u B Q P A 14 V v i E g g E Q m e B Q C B 0 F g g E Q m e B Q C B 0 F g i E z g K B Q O g s E A i E z g K B Q O g s E A i E z g K B 0 F k g E A i d B Q K B 0 F k g E A i d B Q K h s 0 A g E D o L B A K h s 0 A g E D o L B A K h s 0 A g d B Y I B E J n g U A g d B Y I B E J n g U D o D C w v L C p A u r i g / O w H U a g / 3 n o D B 2 K X 1 q a N x + + Z + X h b 10 R c V H + h 10 q l / H S n O R o X N S 9 K m u C r 1 P n S H 9 b V Q / I b 5 o O f + R i L 8 Z K P t + J C m e N z 6 i 7 V / q n j 4209 c c b p i 71 W 5 b k f b X P C 1 I s X S K r e H R Q l T f B V 6 q w 4 Z a m A + t / 3 f f Y W T + a t + L h r B k 0 / n 2 j 1 M X W m 0e2 L v V Y 30 z 56 + Y 6 X h h G W A 6 K k C b 7 S v r P S + Q K K b V c B q D s S k T Y F V K U 3 Q M O p a 8 u w d C m 9 k 9 b 4 G 9 L V 29 z N m r u 892 g v A G N J 4 Y c r A R 4 e e + d 42 q m z k y j z z l y R w f D p M 0 + A h t j w 5 A m A 5 l P X V b K 8 + D Z g M X B a X X w 6 T b c t s 2 q 5 H H G k F 0 B e e z w s u l q T W h E d l l j Z r R t t b 1 c W R M V o l s + c i j h U r l 0 z J u L U J D B 5 + n F v 3 N 7 L O h G z 4 l r G f O u x s F R N u 1 p 5 K O L U B D B 1 + m H f 0 b 2 X F E 8 T x w H J R X e 79 F O n C g F F X l o D f S c u z o G i I X H P v k q A u u R 3 j 6 S f S h 8 C m D 8 d c a B Y 26 R H R Z c o r I T O g q 9 W Z z o 3 j W a 4 q A G S D B M v B h s 2 Q a n V b q j c / 8 Y w L K T a x S e Z H P E 9 u 3 q T K 9952 / d C j H 4 f U L U p 7 H K q 2 R H g z p 5 f 7 j 0 U c 2 Q E 1 a H X k p e h z / e 1 I k g z O H 4 x w q A W e L R f v 8 z W K 8 F 5 C B Y D Z 9 D 7 h 326 l p q u 875 w 1 
L A b a N y W c O W 0 x R 2 A V M P T V x O + c 0 B n x X o j H 7 / z y Z u T g U a D o M t p F l F q U O 0 z S r + 8 x 6 A B x j z + 0 T j u k l P U 6 n B D d u 4 X 7 p Y n L 4 V Y 9 Y M q 2 j D t c o R e H Y x 7 / 4 N R 7 K U t E W p Q H T A 8 d T l C r w Y W U i z 1 D s c c u A T I s 1 w j M v U O B E V D x / a j l 89 Z X w P u 73 s t 5 F D M o W 6 g z X j n p b P W I U p Q n z d L z / I O 3 j A k S p r g q 9 W Z C 5 s M + w F K j c e B P L M F u L s H w H s Q o P z 7 W 8 d R 6 Q 7 y 6 I c B B x N g 2 u I x s O S c D y z t W N b 2 j R 2 W u N F M 0 R 6 o N B g B C o 1 m A Z x + d h X m 5 b A Y M p d k 2 r s m G 3 q R Q G z s y r + 1 g Q A G F c D p F J 0 V 2761 H x j f / I Q F 6 z u A z P 0 q 5 G x f B o r t F q H + x 0 2 w t H l M t + 3 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
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c68bd-69c0-4767-a1e7-f340950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T10:47:25.000Z" ,
"modified" : "2019-01-14T10:47:25.000Z" ,
"pattern" : "[email-message:from_ref.value = 'kurtschweickardt@protonmail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T10:47:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c68be-70f0-49c1-a063-f340950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T10:47:26.000Z" ,
"modified" : "2019-01-14T10:47:26.000Z" ,
"pattern" : "[email-message:from_ref.value = 'kurtschweickardt@tutanota.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T10:47:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T11:49:43.000Z" ,
"modified" : "2019-01-14T11:49:43.000Z" ,
"first_observed" : "2019-01-14T11:49:43Z" ,
"last_observed" : "2019-01-14T11:49:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"artifact--5c3c7717-ef80-40a4-8d05-41f4950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"name" : "RansomeNote-fig4.png" ,
"content_ref" : "artifact--5c3c7717-ef80-40a4-8d05-41f4950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5c3c7717-ef80-40a4-8d05-41f4950d210f" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A 84 A A A N q C A I A A A D T + o X 3 A A A A A X N S R 0 I A r s 4 c 6 Q A C U w d J R E F U e N r s v X d s Z N m V 3 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
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c921d-e76c-4a2d-883a-4fbf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T13:43:57.000Z" ,
"modified" : "2019-01-14T13:43:57.000Z" ,
"pattern" : "[email-message:from_ref.value = 'cliffordgolden93@protonmail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T13:43:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c921e-5910-439b-9da1-45da950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T13:43:58.000Z" ,
"modified" : "2019-01-14T13:43:58.000Z" ,
"pattern" : "[email-message:from_ref.value = 'cliffordgolden93@tutanota.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T13:43:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5c3c9477-f1d0-4728-a826-4916950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T13:53:59.000Z" ,
"modified" : "2019-01-14T13:53:59.000Z" ,
"labels" : [
"misp:type=\"pdb\"" ,
"misp:category=\"Artifacts dropped\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "pdb" ,
"x_misp_value" : "%USERPROFILE%\\Documents\\Visual Studio 2015\\Projects\\ConsoleApplication54new crypted try to clean\\x64\\Release\\ConsoleApplication54.pdb"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c3ca6a7-1228-4f42-beea-485c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T09:01:54.000Z" ,
"modified" : "2019-01-16T09:01:54.000Z" ,
"first_observed" : "2019-01-16T09:01:54Z" ,
"last_observed" : "2019-01-16T09:01:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c3ca6a7-1228-4f42-beea-485c950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c3ca6a7-1228-4f42-beea-485c950d210f" ,
"value" : "https://www.crowdstrike.com/blog/big-game-hunting-the-evolution-of-indrik-spider-from-dridex-wire-fraud-to-bitpaymer-targeted-ransomware/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5c3ca6a7-904c-4546-8ffc-485c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T09:01:51.000Z" ,
"modified" : "2019-01-16T09:01:51.000Z" ,
"first_observed" : "2019-01-16T09:01:51Z" ,
"last_observed" : "2019-01-16T09:01:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5c3ca6a7-904c-4546-8ffc-485c950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5c3ca6a7-904c-4546-8ffc-485c950d210f" ,
"value" : "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5c3ef39c-1830-4b4e-9d05-4b97950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T09:04:28.000Z" ,
"modified" : "2019-01-16T09:04:28.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "GRIM SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as \u201cbig game hunting,\u201d signals a shift in operations for WIZARD SPIDER, a criminal enterprise of which GRIM SPIDER appears to be a cell. The WIZARD SPIDER threat group, known as the Russia-based operator of the TrickBot banking malware, had focused primarily on wire fraud in the past."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c6597-a1f8-48fd-b501-48b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T10:33:59.000Z" ,
"modified" : "2019-01-14T10:33:59.000Z" ,
"description" : "Ransomnote" ,
"pattern" : "[file:name = 'RyukReadMe.txt' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T10:33:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c68e0-93a0-4538-8457-4175950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T10:48:00.000Z" ,
"modified" : "2019-01-14T10:48:00.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c68e0-dc78-49d0-931e-4680950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c68e0-f500-4181-bb25-478b950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c9879-1ec4-418f-8927-4fbf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:29:00.000Z" ,
"modified" : "2019-01-14T14:29:00.000Z" ,
"description" : "dropper" ,
"pattern" : "[file:name = 'bitsran.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T14:29:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c9892-4e90-4b96-9acf-4980950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:34:21.000Z" ,
"modified" : "2019-01-14T14:34:21.000Z" ,
"description" : "Hermes ransomware executable" ,
"pattern" : "[file:name = 'RSW7B37.tmp' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T14:34:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c9aa9-0bd8-4d68-9796-4d2b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:20:25.000Z" ,
"modified" : "2019-01-14T14:20:25.000Z" ,
"pattern" : "[file:name = 'FileTokenBroker.dll' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T14:20:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c9ab9-04b8-48b6-8254-4128950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:20:41.000Z" ,
"modified" : "2019-01-14T14:20:41.000Z" ,
"pattern" : "[file:name = 'splwow32.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T14:20:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3c9ad0-cdc8-4e7d-a258-4a21950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:21:04.000Z" ,
"modified" : "2019-01-14T14:21:04.000Z" ,
"pattern" : "[file:name = 'msmpeng.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T14:21:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c9ece-49f4-41d4-be5b-4af2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:38:06.000Z" ,
"modified" : "2019-01-14T14:38:06.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "12vsQry1XrPjPCaH8gWzDJeYT7dhTmpcjL" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c9ece-5890-462c-aed8-4941950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c9ece-76e8-40e1-b05f-4267950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c9f17-2804-4008-9d29-4e9c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:39:19.000Z" ,
"modified" : "2019-01-14T14:39:19.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1Kx9TT76PHwk8sw7Ur6PsMWyEtaogX7wWY" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c9f18-d3b4-4e4f-b92f-46ca950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c9f18-be18-450f-9342-403c950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c9fc4-7b34-4e1c-9d6a-0e5b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:42:12.000Z" ,
"modified" : "2019-01-14T14:42:12.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "14dpmsn9rmdcS4dKD4GeqY2dYY6pwu4nVV" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c9fc5-ded0-40da-8699-0e5b950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c9fc5-3e7c-40ce-b737-0e5b950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c9fd8-4350-4890-8854-0fcf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:42:32.000Z" ,
"modified" : "2019-01-14T14:42:32.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1FtQnqvjxEK5GJD9PthHM4MtdmkAeTeoRt" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c9fd8-6534-4950-9457-0fcf950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c9fd9-c9c8-4c18-957c-0fcf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c9ff0-57b0-4c74-b39b-4e07950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:42:56.000Z" ,
"modified" : "2019-01-14T14:42:56.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "17v2cu8RDXhAxufQ1YKiauBq6GGAZzfnFw" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c9ff0-5c00-4996-95a5-4593950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c9ff1-e4f0-486d-a6bf-4b14950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3c9ffe-bbe0-4cea-a025-458f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:43:10.000Z" ,
"modified" : "2019-01-14T14:43:10.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1KUbXkjDZL6HC3Er34HwJiQUAE9H81Wcsr" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3c9ffe-842c-45a3-88d2-4dcc950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3c9fff-8cbc-4297-be9c-4a01950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca032-0350-4e27-8808-43fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:44:02.000Z" ,
"modified" : "2019-01-14T14:44:02.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "12UbZzhJrdDvdyv9NdCox1Zj1FAQ5onwx3" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca032-54b4-47f2-abfa-45d3950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca033-3eac-4a5f-b87c-4a3d950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca045-9d9c-4df5-a52f-4df9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:44:21.000Z" ,
"modified" : "2019-01-14T14:44:21.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "17zTcgKhF8XkWvkD4Y1N8634Qw37KwYkZT" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca046-dd00-4ef4-ad29-4100950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca046-3390-4669-9a9d-4f08950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca053-b55c-4a3b-9c0e-1b22950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:44:35.000Z" ,
"modified" : "2019-01-14T14:44:35.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1L9fYHJJxeLMD2yyhh1cMFU2EWF5ihgAmJ" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca053-36d8-4188-92d3-1b22950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca053-3ef0-47f9-b3db-1b22950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca05e-67d0-4626-b737-1b22950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:44:46.000Z" ,
"modified" : "2019-01-14T14:44:46.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "19AE1YN6Jo8ognKdJQ3xeQQL1mSZyX16op" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca05e-3834-4bf5-b660-1b22950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca05e-7d9c-43a1-a856-1b22950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca06e-37c0-45c0-b500-42ab950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:45:02.000Z" ,
"modified" : "2019-01-14T14:45:02.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1NMgARKzfaDExDSEsNijeT3QWbvTF7FXxS" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca06f-a704-4721-99ff-42f4950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca06f-3f74-4c5c-97ed-4edc950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca07d-8c54-43df-aaa6-4091950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:45:17.000Z" ,
"modified" : "2019-01-14T14:45:17.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1CW4kTqeoedinSmZiPYH7kvn4qP3mDJQVa" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca07d-d938-45b8-a560-4a69950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca07e-e5ac-44de-85e4-4ac2950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca08c-4cd4-4e79-943c-42a1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:45:32.000Z" ,
"modified" : "2019-01-14T14:45:32.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "12N7W9ycLhuck9Q2wT8E6BaN6XzZ4DMLau" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca08c-bfe8-4adc-bbb9-4b6e950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca08d-0934-401d-9df6-4a46950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca0a0-b498-4df7-a348-403a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:45:52.000Z" ,
"modified" : "2019-01-14T14:45:52.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "18eu6KrFgzv8yTMVvKJkRM3YBAyHLonk5G" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca0a0-a4a4-497e-a384-4410950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca0a0-14b0-4ffb-a25b-4dbf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca0b2-e2e4-49a7-84a2-4e77950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:46:10.000Z" ,
"modified" : "2019-01-14T14:46:10.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1C8n86EEttnDjNKM9Tjm7QNVgwGBncQhDs" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca0b2-5c28-4c70-aa39-4c27950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca0b3-eb30-4ebb-bf6e-44ff950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca0db-d8dc-45cc-97ef-4d02950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:46:51.000Z" ,
"modified" : "2019-01-14T14:46:51.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "162DVnddxsbXeVgdCy66RxEPADPETBGVBR" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca0dc-7c7c-464e-8320-4895950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca0dc-e2c4-4784-9b5d-4bae950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca0ee-26cc-442d-a961-41cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:47:10.000Z" ,
"modified" : "2019-01-14T14:47:10.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1LKULheYnNtJXgQNWMo24MeLrBBCouECH7" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca0ee-6048-4891-b3bd-4353950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca0ef-9e3c-4b7c-89f2-42c2950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca0fe-9f74-403b-ac4c-4475950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:47:26.000Z" ,
"modified" : "2019-01-14T14:47:26.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "13rTF3AYsf8xEdafUMT5W1E5Ab2aqPhkPi" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca0fe-dc00-4153-9215-4238950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca0ff-7504-460e-86fa-4a0b950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca111-42cc-4aa9-bcf3-4399950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:47:45.000Z" ,
"modified" : "2019-01-14T14:47:45.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1Jq3WwsaPA7LXwRNYsfySsd8aojdmkFnW" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca111-5904-476a-93ce-4db7950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca111-01ec-4180-a2c4-465d950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca11e-d4c8-4584-9bf0-4b2e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:47:58.000Z" ,
"modified" : "2019-01-14T14:47:58.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1EoyVz2tbGXWL1sLZuCnSX72eR7Ju6qohH" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca11e-f188-4d5d-adea-4f31950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca11f-ad70-48fe-a945-4768950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca12b-2fbc-4953-89d5-43c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:48:11.000Z" ,
"modified" : "2019-01-14T14:48:11.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca12c-53b4-4dce-856b-413f950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca12c-1778-419a-95df-4731950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca1ac-f678-4859-9436-1622950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:50:20.000Z" ,
"modified" : "2019-01-14T14:50:20.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1NQ42zc51stA4WAVkUK8uqFAjo1DbWv4Kz" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca1ac-ba7c-40da-b77d-1622950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca1ad-96d0-43d4-bdca-1622950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca30f-c224-40b0-91dc-0fcf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:56:15.000Z" ,
"modified" : "2019-01-14T14:56:15.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "15FC73BdkpDMUWmxo7e7gtLRtM8gQgXyb4" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca30f-f518-4bd5-8bf9-0fcf950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca30f-f4f8-4a06-bffd-0fcf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca323-ee2c-48b6-a809-1623950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:56:35.000Z" ,
"modified" : "2019-01-14T14:56:35.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1CN2iQbBikFK9jM34Nb3WLx5DCenQLnbXp" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca324-9688-4112-b6d8-1623950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca325-ad14-4d2b-914c-1623950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca346-b08c-413f-a93b-4d26950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:57:10.000Z" ,
"modified" : "2019-01-14T14:57:10.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "15RLWdVnY5n1n7mTvU1zjg67wt86dhYqNj" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca347-9908-4213-b830-4f41950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca347-cf80-4fbd-813b-4d3e950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca355-effc-4453-81b7-0fcf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:57:25.000Z" ,
"modified" : "2019-01-14T14:57:25.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1KURvApbe1yC7qYxkkkvtdZ7hrNjdp18sQ" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca355-ba10-414f-b791-0fcf950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca356-0ae4-4f03-b35b-0fcf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca363-e6dc-4023-8dac-4212950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:57:39.000Z" ,
"modified" : "2019-01-14T14:57:39.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1NuMXQMUxCngJ7MNQ276KdaXQgGjpjFPhK" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca364-c894-4bea-9919-45d1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca364-f8ec-498d-9560-4594950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca376-58f4-42b6-b8c7-4f0c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:57:58.000Z" ,
"modified" : "2019-01-14T14:57:58.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1K6MBjz79QqfLBN7XBnwxCJb8DYUmmDWAt" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca376-2600-4c79-a75f-40e5950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca376-5ff8-4eb9-8e41-490a950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca382-484c-479c-8ced-4ff3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:58:10.000Z" ,
"modified" : "2019-01-14T14:58:10.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1ChnbV4Rt7nsb5acw5YfYyvBFDj1RXcVQu" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca383-5198-46d2-9a9f-42eb950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca383-a9d8-4f81-aedc-418b950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca391-7268-4cdf-a541-0fcf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:58:25.000Z" ,
"modified" : "2019-01-14T14:58:25.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1FRNVupsCyTjUvF36GxHZrvLaPtY6hgkTm" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca391-a4f0-4026-afc6-0fcf950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca392-7d58-4531-b715-0fcf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca39c-2148-4405-b622-0fcf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:58:36.000Z" ,
"modified" : "2019-01-14T14:58:36.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1ET85GTps8eFbgF1MvVhFVZQeNp2a6LeGw" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca39c-eaf0-4fa0-b37d-0fcf950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca39d-aad0-476f-996d-0fcf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3a8-69f8-4e7a-84f4-0fcf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:58:48.000Z" ,
"modified" : "2019-01-14T14:58:48.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "129L4gRSYgVJTRCgbPDtvYPabnk2QnY9sq" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3a8-c2b4-4e0b-b837-0fcf950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3a9-41b4-4cc7-93dc-0fcf950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3b5-af08-4e27-84c0-34c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:59:01.000Z" ,
"modified" : "2019-01-14T14:59:01.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "15LsUgfnuGc1PsHJPcfLQJEnHm2FnGAgYC" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3b5-5250-4d21-b807-34c1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3b6-c41c-4e57-9d4d-34c1950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3c1-60a0-4cd6-a0f4-34c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:59:13.000Z" ,
"modified" : "2019-01-14T14:59:13.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1Cyh35KqhhDewmXy63yp9ZMqBnAWe4oJRr" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3c2-0c0c-44f3-9b01-34c1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3c2-dc50-496a-b056-34c1950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3cd-5970-45f4-9ec3-34c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:59:25.000Z" ,
"modified" : "2019-01-14T14:59:25.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1CbP3cgi1Bcjuz6g2Fwvk4tVhqohqAVpDQ" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3ce-0b8c-4c95-8e18-34c1950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3ce-7638-48b8-b406-34c1950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3da-4fe0-4dc1-af2b-4fb4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:59:38.000Z" ,
"modified" : "2019-01-14T14:59:38.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1E4fQqzCvS8wgqy5T7n1DW8JMNMaUbeFAS" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3da-0bb8-4582-b3b5-450a950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3da-83f4-42d8-8710-4ba3950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3e7-a2c0-4ba9-8776-470a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T14:59:51.000Z" ,
"modified" : "2019-01-14T14:59:51.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1GXgngwDMSJZ1Vahmf6iexKVePPXsxGS6H" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3e7-de18-4a6b-9ee5-4fbd950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3e7-9c4c-4400-9842-4dbb950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3ca3f5-fd00-448d-b2e2-4bc7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:00:05.000Z" ,
"modified" : "2019-01-14T15:00:05.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "14aJo5L9PTZhv8XX6qRPncbTXecb8Qohqb" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3ca3f6-3f34-4895-8a40-4229950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3ca3f7-d4f8-4356-8711-48eb950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ca414-cc8c-489c-a3d8-4197950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:00:36.000Z" ,
"modified" : "2019-01-14T15:00:36.000Z" ,
"description" : "Ryuk Payload" ,
"pattern" : "[file:hashes.SHA256 = '795db7bdad1befdd3ad942be79715f6b0c5083d859901b81657b590c9628790f' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T15:00:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ca430-14a0-4686-a379-4954950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:01:04.000Z" ,
"modified" : "2019-01-14T15:01:04.000Z" ,
"description" : "Ryuk Payload" ,
"pattern" : "[file:hashes.SHA256 = '501e925e5de6c824b5eeccb3ccc5111cf6e312258c0877634935df06b9d0f8b9' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T15:01:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ca44b-3c10-4500-95d9-44b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:01:31.000Z" ,
"modified" : "2019-01-14T15:01:31.000Z" ,
"description" : "Ryuk Payload" ,
"pattern" : "[file:hashes.SHA256 = 'fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T15:01:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ca60e-a128-48ac-91e8-34c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:09:02.000Z" ,
"modified" : "2019-01-14T15:09:02.000Z" ,
"description" : "Hermes sample" ,
"pattern" : "[file:hashes.SHA256 = 'ac648d11f695cf98993fa519803fa26cd43ec32a7a8713bfa34eb618659aff77' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T15:09:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ca627-8918-4c80-bf77-41e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:09:27.000Z" ,
"modified" : "2019-01-14T15:09:27.000Z" ,
"description" : "Hermes sample" ,
"pattern" : "[file:hashes.SHA256 = '5e2c9ec5a108af92f177cabe23451d20e592ae54bb84265d1f972fcbd4f6a409' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T15:09:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ca63c-480c-4b45-a247-49ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-14T15:09:48.000Z" ,
"modified" : "2019-01-14T15:09:48.000Z" ,
"description" : "Hermes sample" ,
"pattern" : "[file:hashes.SHA256 = '78c6042067216a5d47f4a338dd951848b122bbcbcd3e61290b2f709543448d90' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-14T15:09:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eeec8-c848-4681-b3f0-40bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:43:52.000Z" ,
"modified" : "2019-01-16T08:43:52.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "12AWdHJkwF193ud21XWGontyCJTW6A9i6p" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eeec9-c218-437e-8d68-42a5950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eeec9-a620-49f6-8ee0-441d950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eeed7-b97c-4424-bf19-44f4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:44:07.000Z" ,
"modified" : "2019-01-16T08:44:07.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1BWj247jtipKr1wuFciKypeidZVwZWHCi9" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eeed7-b84c-48be-aa3b-47d9950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eeed8-39bc-4573-9a71-42c9950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eeee6-04e4-4dcf-a635-4346950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:44:22.000Z" ,
"modified" : "2019-01-16T08:44:22.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1Ln9RxSRuDqqFhCTuqBPBKRMeyhVhRaUG4" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eeee6-4688-453a-a7f4-46a3950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eeee7-9c4c-4179-b03a-4603950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eeef5-88bc-4d76-a767-40a5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:44:37.000Z" ,
"modified" : "2019-01-16T08:44:37.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "19aF868XPJhNqheXWgvrHPqnXpwhttf3Hw" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eeef6-d4b8-4c25-acfc-45cd950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eeef6-ff34-4c4a-9918-4fe0950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eef06-5570-467e-8d4b-43b2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:44:54.000Z" ,
"modified" : "2019-01-16T08:44:54.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1DWbPyjmbKA1NFqv3nyL47y9Vsz6WFU4Hw" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eef06-36c4-464f-a805-4ad9950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eef07-8c98-4666-80ee-4ac9950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eef14-0a24-40e0-aca2-490b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:45:08.000Z" ,
"modified" : "2019-01-16T08:45:08.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "1PNmBWJHzJGqTUemastR7E4ccrUNASktmZ" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eef15-a4f0-4dd9-9772-462f950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eef15-cb00-44a9-b399-4610950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5c3eef22-0490-4ded-a738-4edd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:45:22.000Z" ,
"modified" : "2019-01-16T08:45:22.000Z" ,
"labels" : [
"misp:name=\"coin-address\"" ,
"misp:meta-category=\"financial\""
] ,
"x_misp_attributes" : [
{
"type" : "btc" ,
"object_relation" : "address" ,
"value" : "14uAWnPnhtrXDB9DTBCruToawM65dUgwot" ,
"category" : "Financial fraud" ,
"to_ids" : true ,
"uuid" : "5c3eef22-5640-4c4b-961a-4d91950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "symbol" ,
"value" : "BTC" ,
"category" : "Other" ,
"uuid" : "5c3eef22-25ac-462c-bcff-4e52950d210f"
}
] ,
"x_misp_meta_category" : "financial" ,
"x_misp_name" : "coin-address"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef0ce-3fb0-4de5-9820-475b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:52:30.000Z" ,
"modified" : "2019-01-16T08:52:30.000Z" ,
"description" : "BitPaymer samples " ,
"pattern" : "[file:hashes.SHA256 = 'c7f8c6e833243519cdc8dd327942d62a627fe9c0793d899448938a3f10149481' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:52:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef0e4-70f4-4d3b-b36e-4e60950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:52:52.000Z" ,
"modified" : "2019-01-16T08:52:52.000Z" ,
"description" : "BitPaymer samples " ,
"pattern" : "[file:hashes.SHA256 = '17526923258ff290ff5ca553248b5952a65373564731a2b8a0cff10e56c293a4' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:52:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef0fa-4aa0-4e22-b3f7-4bf3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:53:14.000Z" ,
"modified" : "2019-01-16T08:53:14.000Z" ,
"description" : "BitPaymer samples " ,
"pattern" : "[file:hashes.SHA256 = '282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:53:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef10a-fb10-41e9-b710-403d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:53:30.000Z" ,
"modified" : "2019-01-16T08:53:30.000Z" ,
"description" : "BitPaymer samples " ,
"pattern" : "[file:hashes.SHA256 = '8943356b0288b9463e96d6d0f4f24db068ea47617299071e6124028a8160db9c' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:53:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef1a1-987c-4f5a-bb4e-47a3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:56:01.000Z" ,
"modified" : "2019-01-16T08:56:01.000Z" ,
"description" : "unpacked BitPaymer decryptor samples" ,
"pattern" : "[file:hashes.SHA256 = 'f0e600bdca5c6a5eae155cc82aad718fe68d7571b7c106774b4c731baa01a50c' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:56:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef226-81f0-4f23-8d3f-4aa7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:58:14.000Z" ,
"modified" : "2019-01-16T08:58:14.000Z" ,
"description" : "unpacked BitPaymer decryptor samples" ,
"pattern" : "[file:hashes.SHA256 = 'b44e61de54b97c0492babbf8c56fad0c1f03cb2b839bad8c1c8d3bcd0591a010' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:58:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef238-a86c-4f40-a975-437a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:58:32.000Z" ,
"modified" : "2019-01-16T08:58:32.000Z" ,
"description" : "unpacked BitPaymer decryptor samples" ,
"pattern" : "[file:hashes.SHA256 = '13209680c091e180ed1d9a87090be9c10876db403c40638a24b5bc893fd87587' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:58:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef257-33b0-4544-b2e1-4cba950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:59:03.000Z" ,
"modified" : "2019-01-16T08:59:03.000Z" ,
"description" : "Dridex samples " ,
"pattern" : "[file:hashes.SHA256 = '91c0c6ab8a1fe428958f33da590bdd52baec868c7011461da8a8972c3d989d42' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:59:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef271-e134-4e6c-8d95-4398950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:59:29.000Z" ,
"modified" : "2019-01-16T08:59:29.000Z" ,
"description" : "Dridex samples " ,
"pattern" : "[file:hashes.SHA256 = 'f1d69b69f53af9ea83fe8281e5c1745737fd42977597491f942755088c994d8e' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:59:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5c3ef287-0830-489a-9a3b-4e2e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-16T08:59:51.000Z" ,
"modified" : "2019-01-16T08:59:51.000Z" ,
"description" : "Dridex samples " ,
"pattern" : "[file:hashes.SHA256 = '39e7a9b0ea00316b232b3d0f8c511498ca5b6aee95abad0c3f1275ef029a0bef' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-16T08:59:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cf1af478-774a-4ced-bd47-1b476fc876e5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:22.000Z" ,
"modified" : "2019-01-17T11:01:22.000Z" ,
"pattern" : "[file:hashes.MD5 = '40492c178079e65dfd5449bf899413b6' AND file:hashes.SHA1 = 'f3fa5d5942e5085586d7fcc496d3fad7804abcc2' AND file:hashes.SHA256 = 'fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b37e0793-26b0-465c-a1ab-3fa09c9c3e1b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:23.000Z" ,
"modified" : "2019-01-17T11:01:23.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-12 12:57:15" ,
"category" : "Other" ,
"uuid" : "21b981e0-b394-47e8-afc8-1faebdd2caea"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fe909d18cf0fde089594689f9a69fbc6d57b69291a09f3b9df1e9b1fb724222b/analysis/1547297835/" ,
"category" : "External analysis" ,
"uuid" : "6ba61c9b-76eb-41a3-bdb1-3b1bdd12471c"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "44/69" ,
"category" : "Other" ,
"uuid" : "c218824c-121f-43ca-b763-776b8d20a87d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f8fd5ca1-d41b-428f-b8d9-ae1ec14c3604" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:25.000Z" ,
"modified" : "2019-01-17T11:01:25.000Z" ,
"pattern" : "[file:hashes.MD5 = 'dc83bab1982a5418b9ee448415317500' AND file:hashes.SHA1 = '3cae79a79f225897ce306c9574b1444255b82317' AND file:hashes.SHA256 = 'ac648d11f695cf98993fa519803fa26cd43ec32a7a8713bfa34eb618659aff77']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a0351e8-1508-4154-9ea3-8c5c0f010e79" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:27.000Z" ,
"modified" : "2019-01-17T11:01:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-16 18:23:00" ,
"category" : "Other" ,
"uuid" : "b44411ff-ef94-437f-8063-cdccd494c6f5"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ac648d11f695cf98993fa519803fa26cd43ec32a7a8713bfa34eb618659aff77/analysis/1547662980/" ,
"category" : "External analysis" ,
"uuid" : "d1e6e9a4-856d-4fb8-988d-a09f753d9a3f"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "54/70" ,
"category" : "Other" ,
"uuid" : "17fd8e8b-ce6e-4403-b7a7-fd6526e885a1"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--46c13dc4-015b-4326-bdae-6c3a75a4d1b0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:28.000Z" ,
"modified" : "2019-01-17T11:01:28.000Z" ,
"pattern" : "[file:hashes.MD5 = '29f99f63c076a29db46ada694a2201d3' AND file:hashes.SHA1 = '26600a8c25b03602f4c4cf47e83c988638b4908a' AND file:hashes.SHA256 = '5e2c9ec5a108af92f177cabe23451d20e592ae54bb84265d1f972fcbd4f6a409']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ed3bd964-31c2-4d64-b035-a83d7e1e1052" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:30.000Z" ,
"modified" : "2019-01-17T11:01:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-14 18:36:36" ,
"category" : "Other" ,
"uuid" : "df86d5ae-6201-494e-a831-6bcf18b57881"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5e2c9ec5a108af92f177cabe23451d20e592ae54bb84265d1f972fcbd4f6a409/analysis/1547490996/" ,
"category" : "External analysis" ,
"uuid" : "74aa2342-cfc3-4ae0-aca5-95811cf5dd63"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "53/69" ,
"category" : "Other" ,
"uuid" : "dc8e3aab-66aa-4fdb-a2e4-acea182f32aa"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c017b55a-9656-472a-965c-b4acca1df9ea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:31.000Z" ,
"modified" : "2019-01-17T11:01:31.000Z" ,
"pattern" : "[file:hashes.MD5 = '2f698222f435a172c253efd8823a44e9' AND file:hashes.SHA1 = 'ffd9a2358ca91092f9971ab9f2371355c29aecfa' AND file:hashes.SHA256 = '8943356b0288b9463e96d6d0f4f24db068ea47617299071e6124028a8160db9c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b15d1764-9f34-4abe-99cb-db9b784f2979" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:33.000Z" ,
"modified" : "2019-01-17T11:01:33.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-22 02:18:51" ,
"category" : "Other" ,
"uuid" : "c8916477-c4d2-4562-9493-b1ff7df1a319"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8943356b0288b9463e96d6d0f4f24db068ea47617299071e6124028a8160db9c/analysis/1545445131/" ,
"category" : "External analysis" ,
"uuid" : "4c5ec43b-97be-45c7-ac31-ae92bee3fac5"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/70" ,
"category" : "Other" ,
"uuid" : "5b1416c7-69a2-42b3-adfc-aac62bb387eb"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8564d09f-fa51-44ba-95d8-716de33a6fe9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:34.000Z" ,
"modified" : "2019-01-17T11:01:34.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a7940a68ec460c278530e7dac0e763f5' AND file:hashes.SHA1 = 'e2a10004f3a561b0154558e18220015ed513ee0b' AND file:hashes.SHA256 = 'f0e600bdca5c6a5eae155cc82aad718fe68d7571b7c106774b4c731baa01a50c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f01ca3c5-8df4-4b81-a250-24b35a6ac02c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:36.000Z" ,
"modified" : "2019-01-17T11:01:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-22 02:07:16" ,
"category" : "Other" ,
"uuid" : "2608cdb4-7439-4ead-b4be-b9fa2913ba37"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f0e600bdca5c6a5eae155cc82aad718fe68d7571b7c106774b4c731baa01a50c/analysis/1542852436/" ,
"category" : "External analysis" ,
"uuid" : "070746bd-53d8-4652-8297-6dc72f82d1e2"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/68" ,
"category" : "Other" ,
"uuid" : "c7505b73-c769-43c7-a001-ca0412c26dd0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4c8e7cf0-af3b-4bc6-b832-71613cceb30f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:39.000Z" ,
"modified" : "2019-01-17T11:01:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e7430c45f8e5d247e58516dccd9d4446' AND file:hashes.SHA1 = '0c47af6e89778d78fdc427897e6790611b2a5478' AND file:hashes.SHA256 = '17526923258ff290ff5ca553248b5952a65373564731a2b8a0cff10e56c293a4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--633b4ecc-1f77-4c82-91c6-bb59a0b2c02c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:40.000Z" ,
"modified" : "2019-01-17T11:01:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-15 20:09:21" ,
"category" : "Other" ,
"uuid" : "64009c20-eedf-46b9-a617-24aff174a482"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/17526923258ff290ff5ca553248b5952a65373564731a2b8a0cff10e56c293a4/analysis/1542312561/" ,
"category" : "External analysis" ,
"uuid" : "62ef44a2-f870-4c5d-b0f5-750df06f76e7"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/68" ,
"category" : "Other" ,
"uuid" : "d422d54e-0ade-44c9-b360-2c213e66d7b5"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3c8b753f-290b-47c6-a7fb-5fd688ee0b1f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:42.000Z" ,
"modified" : "2019-01-17T11:01:42.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c785093151fa52d84c53dbd0683dcd77' AND file:hashes.SHA1 = '8ae1c1869c42daa035032341804aefc3e7f3caf1' AND file:hashes.SHA256 = 'c7f8c6e833243519cdc8dd327942d62a627fe9c0793d899448938a3f10149481']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f42a3c68-34e4-4281-87a8-13f447260663" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:45.000Z" ,
"modified" : "2019-01-17T11:01:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-15 18:37:06" ,
"category" : "Other" ,
"uuid" : "9cd8df0d-68f9-48e9-a7b8-4c96297d2982"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c7f8c6e833243519cdc8dd327942d62a627fe9c0793d899448938a3f10149481/analysis/1542307026/" ,
"category" : "External analysis" ,
"uuid" : "3511f8aa-0100-4565-97f3-e5c81722a540"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "51/66" ,
"category" : "Other" ,
"uuid" : "77e9331b-d556-43a9-b535-41b57e5dbf25"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cef977f5-1919-4bf8-b68b-5f94e2f8769a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:46.000Z" ,
"modified" : "2019-01-17T11:01:46.000Z" ,
"pattern" : "[file:hashes.MD5 = '28945b625617cfdcc444b428de0a7a00' AND file:hashes.SHA1 = '9cab670cd0d11e901cdb3f197aa18f1a6e2930ba' AND file:hashes.SHA256 = '282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bff9298c-ae77-4030-ac91-f375560dd069" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:48.000Z" ,
"modified" : "2019-01-17T11:01:48.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-12-23 02:12:48" ,
"category" : "Other" ,
"uuid" : "145acf02-66f0-48b7-9286-9a5464ef43c4"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/282b7a6d1648e08c02846820324d932ccc224affe94793e9d63ff46818003636/analysis/1545531168/" ,
"category" : "External analysis" ,
"uuid" : "41737989-d53c-4c6a-a59a-2169e3613e97"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/68" ,
"category" : "Other" ,
"uuid" : "ed90a5c6-cac5-49a8-8a5f-192686a591ec"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ed80d4f6-49a7-414e-bbde-eb9b532ef6cc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:50.000Z" ,
"modified" : "2019-01-17T11:01:50.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b4142bf602459ebb2eafe3727bcf802d' AND file:hashes.SHA1 = '89482b5eb043b53fbf603edf2cbc2764e03a37be' AND file:hashes.SHA256 = '13209680c091e180ed1d9a87090be9c10876db403c40638a24b5bc893fd87587']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b22383ff-b594-4bc9-8447-42ac0ff61d0d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:51.000Z" ,
"modified" : "2019-01-17T11:01:51.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-22 02:11:15" ,
"category" : "Other" ,
"uuid" : "dbc1f095-5b13-4ec8-9ca1-482ac8d2b528"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/13209680c091e180ed1d9a87090be9c10876db403c40638a24b5bc893fd87587/analysis/1542852675/" ,
"category" : "External analysis" ,
"uuid" : "61ba646c-2c6d-405d-ad8a-498de696b600"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/67" ,
"category" : "Other" ,
"uuid" : "64b17ee4-0d25-485d-930c-e67dbbbdd4e0"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6ed686f8-db20-4a43-85ec-952321137954" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:53.000Z" ,
"modified" : "2019-01-17T11:01:53.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aa62e73c5be24dbce7c07179faa0da63' AND file:hashes.SHA1 = '40908d3d0c30a4189767fcd3e90d59ea05ee159b' AND file:hashes.SHA256 = 'f1d69b69f53af9ea83fe8281e5c1745737fd42977597491f942755088c994d8e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--88ab7095-b2f6-4e5b-80fd-8e13b5715468" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:54.000Z" ,
"modified" : "2019-01-17T11:01:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-22 02:07:39" ,
"category" : "Other" ,
"uuid" : "9eba49dd-7899-4671-99b8-b6583e67490d"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f1d69b69f53af9ea83fe8281e5c1745737fd42977597491f942755088c994d8e/analysis/1542852459/" ,
"category" : "External analysis" ,
"uuid" : "f08d85b3-a182-4f43-9945-6eb1fb76ad9b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "50/67" ,
"category" : "Other" ,
"uuid" : "bd8b914e-ec38-4617-a0d2-b34edde50acf"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9fd48389-887a-4962-befb-892a01897907" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:56.000Z" ,
"modified" : "2019-01-17T11:01:56.000Z" ,
"pattern" : "[file:hashes.MD5 = '7a7b1300e8b5a10424e08958a6fc15c1' AND file:hashes.SHA1 = '9db96b1a4bff1ffc6b945360cc5cc363642ffc94' AND file:hashes.SHA256 = '501e925e5de6c824b5eeccb3ccc5111cf6e312258c0877634935df06b9d0f8b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2398ac62-b417-4202-99e0-b929dc2ab683" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:57.000Z" ,
"modified" : "2019-01-17T11:01:57.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-16 18:40:43" ,
"category" : "Other" ,
"uuid" : "99e4c0b9-5b8f-45b2-a6ea-3f0775067095"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/501e925e5de6c824b5eeccb3ccc5111cf6e312258c0877634935df06b9d0f8b9/analysis/1547664043/" ,
"category" : "External analysis" ,
"uuid" : "b444d1f4-3ee2-4048-9ec1-3af1136ae668"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/68" ,
"category" : "Other" ,
"uuid" : "3a0e5f87-f3d9-45ea-8c9c-cf68db1f45c8"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1db5f0d2-4366-4d6b-8b76-63c78bebd8c1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:01:59.000Z" ,
"modified" : "2019-01-17T11:01:59.000Z" ,
"pattern" : "[file:hashes.MD5 = '32cbc69f85cc47d8e35dc20dfbda6948' AND file:hashes.SHA1 = '35dd5239977c2922a06389061cca846ec09453bb' AND file:hashes.SHA256 = '795db7bdad1befdd3ad942be79715f6b0c5083d859901b81657b590c9628790f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:01:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3e3a2a7a-c7e7-4d8d-96c7-53005aa1f2c5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:02:00.000Z" ,
"modified" : "2019-01-17T11:02:00.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-16 18:22:16" ,
"category" : "Other" ,
"uuid" : "37dcbb58-e392-4b25-8c45-52088eeedce0"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/795db7bdad1befdd3ad942be79715f6b0c5083d859901b81657b590c9628790f/analysis/1547662936/" ,
"category" : "External analysis" ,
"uuid" : "a5985244-2caa-43a0-b86a-6c3b93110ac9"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "47/69" ,
"category" : "Other" ,
"uuid" : "60f4f02e-7aed-4e68-9ba2-32e26695fdc3"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--275652a1-94fb-4eb9-bd65-55f3e5cb690f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:02:02.000Z" ,
"modified" : "2019-01-17T11:02:02.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c1a7ed250f66368c19abe07ca0283fb5' AND file:hashes.SHA1 = '38718bfaf0aa3e87e17d240257e3dd118fb080f7' AND file:hashes.SHA256 = 'b44e61de54b97c0492babbf8c56fad0c1f03cb2b839bad8c1c8d3bcd0591a010']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:02:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--54a26bc3-3229-4ef3-8a0b-091f4fa8c849" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:02:03.000Z" ,
"modified" : "2019-01-17T11:02:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-11-15 20:09:28" ,
"category" : "Other" ,
"uuid" : "aa550f01-43a9-463f-a005-d45643ffd7a2"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b44e61de54b97c0492babbf8c56fad0c1f03cb2b839bad8c1c8d3bcd0591a010/analysis/1542312568/" ,
"category" : "External analysis" ,
"uuid" : "7d36ac41-dd73-4dfc-8089-ce1e4459cdd2"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/68" ,
"category" : "Other" ,
"uuid" : "5a3ead94-4a6b-4cdd-b478-0fcdb054509a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c3ccabe7-4ad6-4766-8b0e-90420c63cb3f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:02:05.000Z" ,
"modified" : "2019-01-17T11:02:05.000Z" ,
"pattern" : "[file:hashes.MD5 = '5ea06d5bffcf42780c1636cf9553d7eb' AND file:hashes.SHA1 = '2dcff4ec64d328dd5e256ed75ccd3a099439f25f' AND file:hashes.SHA256 = '78c6042067216a5d47f4a338dd951848b122bbcbcd3e61290b2f709543448d90']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-01-17T11:02:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--cb769b53-031c-4ad6-b179-075e755bd1ca" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-01-17T11:02:06.000Z" ,
"modified" : "2019-01-17T11:02:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-01-14 18:37:31" ,
"category" : "Other" ,
"uuid" : "fb593af8-b3ca-423a-9802-d8933f038a31"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/78c6042067216a5d47f4a338dd951848b122bbcbcd3e61290b2f709543448d90/analysis/1547491051/" ,
"category" : "External analysis" ,
"uuid" : "c7b61d60-dd22-4284-a606-394ea616ce99"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/69" ,
"category" : "Other" ,
"uuid" : "ef2cc517-ec33-4b9d-bd11-8edd0b33dbf9"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ae1ecb17-b6da-4305-b54f-587cb371dd7f" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cf1af478-774a-4ced-bd47-1b476fc876e5" ,
"target_ref" : "x-misp-object--b37e0793-26b0-465c-a1ab-3fa09c9c3e1b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8eff6088-db48-4e88-aee4-745e42e6b8da" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f8fd5ca1-d41b-428f-b8d9-ae1ec14c3604" ,
"target_ref" : "x-misp-object--5a0351e8-1508-4154-9ea3-8c5c0f010e79"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ae7726c1-9b6d-4a30-ad88-7905bdbc7fe6" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--46c13dc4-015b-4326-bdae-6c3a75a4d1b0" ,
"target_ref" : "x-misp-object--ed3bd964-31c2-4d64-b035-a83d7e1e1052"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--db599a5c-09cd-4994-bb9f-6aee592b4de6" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c017b55a-9656-472a-965c-b4acca1df9ea" ,
"target_ref" : "x-misp-object--b15d1764-9f34-4abe-99cb-db9b784f2979"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--478d2cd2-3e5b-4643-8ad6-886b11393098" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8564d09f-fa51-44ba-95d8-716de33a6fe9" ,
"target_ref" : "x-misp-object--f01ca3c5-8df4-4b81-a250-24b35a6ac02c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--feef197c-53a3-4e49-982d-ebc4466e81c1" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4c8e7cf0-af3b-4bc6-b832-71613cceb30f" ,
"target_ref" : "x-misp-object--633b4ecc-1f77-4c82-91c6-bb59a0b2c02c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4434ecc8-d992-49d9-a2fb-ddbbd3acff39" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3c8b753f-290b-47c6-a7fb-5fd688ee0b1f" ,
"target_ref" : "x-misp-object--f42a3c68-34e4-4281-87a8-13f447260663"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5fd8ca97-b256-482a-886f-f86cf1039d16" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--cef977f5-1919-4bf8-b68b-5f94e2f8769a" ,
"target_ref" : "x-misp-object--bff9298c-ae77-4030-ac91-f375560dd069"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--cb350524-b191-4f88-ac6a-7287bb104987" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ed80d4f6-49a7-414e-bbde-eb9b532ef6cc" ,
"target_ref" : "x-misp-object--b22383ff-b594-4bc9-8447-42ac0ff61d0d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--764ef028-6c84-4fca-903b-b81b593b617d" ,
"created" : "2019-01-17T11:02:08.000Z" ,
"modified" : "2019-01-17T11:02:08.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6ed686f8-db20-4a43-85ec-952321137954" ,
"target_ref" : "x-misp-object--88ab7095-b2f6-4e5b-80fd-8e13b5715468"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d4ef7f9c-6238-4b75-96f2-7fc09833d136" ,
"created" : "2019-01-17T11:02:09.000Z" ,
"modified" : "2019-01-17T11:02:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9fd48389-887a-4962-befb-892a01897907" ,
"target_ref" : "x-misp-object--2398ac62-b417-4202-99e0-b929dc2ab683"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4f229fd9-9c5b-438e-8c35-ebaa8fbc083e" ,
"created" : "2019-01-17T11:02:09.000Z" ,
"modified" : "2019-01-17T11:02:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1db5f0d2-4366-4d6b-8b76-63c78bebd8c1" ,
"target_ref" : "x-misp-object--3e3a2a7a-c7e7-4d8d-96c7-53005aa1f2c5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3ad9804d-23ff-4eab-9960-d05c7dd53ffe" ,
"created" : "2019-01-17T11:02:09.000Z" ,
"modified" : "2019-01-17T11:02:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--275652a1-94fb-4eb9-bd65-55f3e5cb690f" ,
"target_ref" : "x-misp-object--54a26bc3-3229-4ef3-8a0b-091f4fa8c849"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--063d33a2-4b80-4d3e-a93d-b8aafe73753d" ,
"created" : "2019-01-17T11:02:09.000Z" ,
"modified" : "2019-01-17T11:02:09.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--c3ccabe7-4ad6-4766-8b0e-90420c63cb3f" ,
"target_ref" : "x-misp-object--cb769b53-031c-4ad6-b179-075e755bd1ca"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}