misp-circl-feed/feeds/circl/stix-2.1/b6ae21ad-670a-4c81-a61f-78d76ae3bdfa.json


{
"type": "bundle",
"id": "bundle--b6ae21ad-670a-4c81-a61f-78d76ae3bdfa",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-15T12:52:45.000Z",
"modified": "2023-12-15T12:52:45.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--b6ae21ad-670a-4c81-a61f-78d76ae3bdfa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-15T12:52:45.000Z",
"modified": "2023-12-15T12:52:45.000Z",
"name": "The Golden Tax Department and the Emergence of GoldenSpy Malware",
"published": "2023-12-15T12:52:57Z",
"object_refs": [
"indicator--525ac4e2-92ac-446a-8130-0dfbe5ac0ede",
"x-misp-attribute--7cf786d3-1687-4276-a71e-03a00f8c527f",
"x-misp-attribute--9870518f-225b-4215-b9c6-6ef8a6a250cb",
"x-misp-attribute--8768e6c6-c703-48a6-9001-77aba7921f96",
"x-misp-attribute--e85e5781-0cb7-48fe-b710-26e2c3c6bca4",
"x-misp-attribute--865b179b-37d2-4c6d-b43a-8bcaba2ffb6c",
"indicator--c2cb668d-ecf5-4b02-8945-809e70013f93",
"indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"indicator--69e13243-e7e0-4726-a10a-01fd046ded89",
"indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"indicator--83c0441c-7262-46b2-b3e0-242171581ba0",
"indicator--99bd5142-86d7-44d9-a1b9-c214a5eb64f9",
"indicator--a1913402-5d6f-4fd1-b158-17c06372b82e",
"indicator--a061ac22-6146-43e0-b80a-1242186ce324",
"indicator--30195ad0-624f-4596-9d38-f297186985f4",
"indicator--e1b6ab63-47f0-4397-9ec5-d4db06cc1b0f",
"indicator--2e14ffc4-b52c-462c-b75c-5769dd873b3c",
"indicator--91755780-edb5-4184-a85a-8038b21037a9",
"indicator--d42c7cfa-02c3-417a-8fda-d78beedcb5be",
"indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"indicator--9a2b3b20-3490-4963-8e55-8a78269c262c",
"indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"indicator--2c00384b-57eb-4d4a-8261-7b29f2fd8f11",
"indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"indicator--67afd357-6025-414b-951f-8d5fd7c2393c",
"indicator--a0cb4750-bc13-48ad-b4c7-0e088f5fe571",
"indicator--56181b68-145d-4240-bdc9-ab7b8bcba590",
"indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"indicator--55b1382d-9f32-4276-89fe-2e7266944439",
"indicator--3320cfa3-936e-41ef-9c53-d63c110b20c5",
"indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"indicator--bf153833-d88e-4154-8d50-4ac02ad8296a",
"indicator--55c42baa-eda4-4bcd-b58f-0d4ae5e46465",
"indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"indicator--fc241f3d-1a7a-4f8f-a5b9-2e14e74252aa",
"indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"indicator--5c497b29-bca4-4702-ae5e-a8df8e26165b",
"indicator--288d3f46-333a-400f-b20d-8e742292776a",
"indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"indicator--ef75e372-c372-416a-bc51-c54fd64cc47c",
"indicator--a2571d1b-5251-49d6-a06a-6b2cd55c33fe",
"indicator--0c820525-3995-48df-b0f7-29543d3bb91e",
"indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"indicator--d6f1a0e7-5a66-48a0-a6ed-597558d2b5f3",
"indicator--47df59a7-8382-486b-8de2-2745eaad8bcb",
"indicator--eb8e2be7-0f90-4150-a98b-b00ea054991a",
"indicator--d1f42381-a3f9-43ac-bd4a-0af2049dc70d",
"indicator--57a4955c-6c61-494c-9c18-b6b144cfcfae",
"indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"indicator--354eb109-0414-4137-bc65-273dead6fd36",
"indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"indicator--81f03e90-ce30-4ba2-b79c-a142e06c1323",
"indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d",
"indicator--51b9a083-6bb7-453e-a3d1-70137283f004",
"indicator--29908be1-f56d-4e97-9892-8830c9d29241",
"indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297",
"indicator--f36ce21a-4c59-4731-9929-1af4ff97f21f",
"indicator--8e56f0cf-4efb-4ce4-9de0-61467c133f58",
"indicator--858c9869-c1a4-46a1-9075-cd11ead979ef",
"indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"indicator--499f7525-508b-463d-8124-ba263c1727a5",
"indicator--8bd144dd-eea0-448e-87c0-67a556c36700",
"indicator--3f3839ec-a575-4603-a292-fab98e7c6038",
"indicator--657df46a-50d1-4010-b30a-a7f64574e0d9",
"indicator--fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f",
"indicator--98843b28-2cbc-4195-aced-0460e2b8d8b6",
"indicator--76062895-7556-47cf-9bb4-f02dd5d7ac09",
"indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"indicator--f0f1cf7c-3ca1-4fb3-9dd3-f25340b7f3b8",
"relationship--5cf87a94-dea8-4386-99cb-5a2a83378f79",
"relationship--6c9c94ea-046b-4905-b94e-265ce5c9461d",
"relationship--c3e0fccc-5d17-4ec4-ba72-6151cdb41942",
"relationship--62bb6a6d-b5e2-4dff-a4a8-fd51fc9f2c18",
"relationship--a3a8e4f8-f7f5-4219-a38a-4a20842776aa",
"relationship--4edbaf7c-74c0-4200-a402-04d25c9d631f",
"relationship--265ad043-5977-4055-92a5-36d10a571ece",
"relationship--e89f5ebe-462f-48a2-a69b-d2cab6043e41",
"relationship--612cabf4-e8c6-4f54-ba1e-35b23876fc3f",
"relationship--a8c29673-56c1-4bf3-b520-8f31d1f02f38",
"relationship--0b3e45ce-dac4-41e0-8c0c-6b43bd0e6492",
"relationship--79180f78-089a-4bc7-b3b4-461a6712d16b",
"relationship--0d33f5a5-2c93-4d8a-8d05-b88f966e47ad",
"relationship--0c00d85b-5706-428c-9ea2-13a97062a094",
"relationship--24e6e30b-abe0-43f1-9cb7-69ed86e8a9d7",
"relationship--ebbd089f-d730-4eb2-af93-0da028efa1be",
"relationship--694f63f4-0f44-40d9-95f5-1d906f31c212",
"relationship--b4048948-b225-4b05-8dc7-de0abc1b6391",
"relationship--c6ecb131-0b2f-428d-b528-0463444fd11c",
"relationship--1b4d14d5-2936-47e0-a10e-d546a5fc27a3",
"relationship--1c733e32-c60d-48af-882c-5322e9142efd",
"relationship--67983c4b-db37-480c-8e66-2141200f03c6",
"relationship--6084a002-082e-4c3a-97e2-836654bab0c7",
"relationship--a3ffba2f-7c7a-49b6-bbe5-6097591a98f1",
"relationship--5aa270ca-dc42-4104-9fc0-613dffa0ac72",
"relationship--1d798377-ecb6-43f8-b8b8-d0e0823c5c8a",
"relationship--d59a1a36-1897-4aa8-865a-671fd7df3122",
"relationship--b505428d-c455-4517-91ed-b26cce9153e6",
"relationship--48a6d75a-583e-4900-939c-19294a094dbb",
"relationship--0ca088bd-4274-4883-bd03-cf32d48fc384",
"relationship--69498f5c-b8b4-4ef3-bf49-7eec30ebed29",
"relationship--63d58588-a887-4c44-95e8-3c556a0d1bc8",
"relationship--dc0bc7f1-bcc9-4ea2-8c49-4185334e98ae",
"relationship--0bb76f41-fa8f-467b-8f11-1727f39e2278",
"relationship--01dc082d-8bb8-4902-9a5d-daf592320aba",
"relationship--48d9733d-a91c-4987-bba7-5937b1efba5c",
"relationship--481dd726-9de9-4020-8a2b-1ce343178661",
"relationship--d0b18561-f4d7-49da-9e4c-6b3a94929afc",
"relationship--d0aeb295-0c5e-4f8f-9e5c-b9939f29f853",
"relationship--45eb8e38-f0df-4bee-bd36-f4e21be94915",
"relationship--9f415eb3-ad6e-4c11-893f-3cdc1ae18e71",
"relationship--bef9fcdb-21a1-4dfb-bbd2-cc7aea749f56",
"relationship--37e042c1-4be0-496d-9dbc-8c060ccf67ad",
"relationship--3cf2989a-9849-4c07-9b6b-10c8d7d001ab",
"relationship--86f21d9a-41b2-4764-9272-bd1bdf42666c",
"relationship--d2956e81-8bce-445a-974c-4acd6a755501",
"relationship--544f7d4b-3b24-42cb-9d02-f293eb08233b",
"relationship--757bf6f7-0026-42c9-8841-df6c97d49c9b",
"relationship--c4f798f2-57df-4cbf-82b9-58a2120d512b",
"relationship--ad12dc12-dba2-4102-a524-3eae030fb998",
"relationship--10a82c44-b31c-4529-8f94-b6d75397d354",
"relationship--cf5f291c-65e7-4f76-bfd0-291a684f7f5d",
"relationship--acbb85ec-3bb5-4d2d-9dc0-ffb5d5a69acb",
"relationship--bb81260e-9fac-4f1d-9488-7b267a559077",
"relationship--c3185e04-cf3c-4509-92e5-5c13ca2cd0fc",
"relationship--a56f8a43-4763-4fe7-9860-bad1d366a82c",
"relationship--aa027fff-e63c-402c-9929-6cdd43488a45",
"relationship--46275f75-80b8-4578-9fb1-87514c50c3f5",
"relationship--2aeb06be-2d23-404e-842c-e1bdf4269486",
"relationship--605db18e-ea9f-4765-aa0c-8081311019ae",
"relationship--b71474d7-9336-4568-b954-54b030c82f97",
"relationship--2c15ef39-ed42-4853-8bec-3d4996bc5c6e",
"relationship--59be2af3-6013-4317-b114-e10547ec69b5",
"relationship--b5086870-5ea0-438f-a255-1d97b1f38f35",
"relationship--6c929f96-cb74-4b51-bf2d-d2863141571a",
"relationship--3a0be396-3d3e-4e94-8b87-8655cf4904e2",
"relationship--420c7e81-ebc9-404e-9500-81cae958fea4",
"relationship--6f34fdef-716d-47e6-9334-3bc633a0ba05",
"relationship--204b7956-44ba-4f15-b920-c5a1b34f9c38",
"relationship--6c47ca88-5dad-45ac-9bee-ba52abf44c65",
"relationship--f6c6acea-bc23-4784-93ac-0eac0be40fa1",
"relationship--0698f2ae-6531-4c05-a2da-55220ffdf1c6",
"relationship--2fe36b3f-f032-41c9-aa72-022c3df4e4dc"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"tlp:clear",
"misp-galaxy:country=\"china\"",
"misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--525ac4e2-92ac-446a-8130-0dfbe5ac0ede",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-07T13:34:30.000Z",
"modified": "2023-12-07T13:34:30.000Z",
"pattern": "[url:value = 'http://upgrade.i-xinnuo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-07T13:34:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--7cf786d3-1687-4276-a71e-03a00f8c527f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:10.000Z",
"modified": "2023-12-12T08:05:10.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Ports used for svm.exe network traffic.",
"x_misp_type": "port",
"x_misp_value": "9005"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--9870518f-225b-4215-b9c6-6ef8a6a250cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:12.000Z",
"modified": "2023-12-12T08:05:12.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Ports used for svm.exe network traffic.",
"x_misp_type": "port",
"x_misp_value": "9006"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--8768e6c6-c703-48a6-9001-77aba7921f96",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:18.000Z",
"modified": "2023-12-12T08:05:18.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "Used by updater service to request a link to download svm.exe.",
"x_misp_type": "port",
"x_misp_value": "9002"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--e85e5781-0cb7-48fe-b710-26e2c3c6bca4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:33.000Z",
"modified": "2023-12-12T08:05:33.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "While we didn\u2019t observe this directly in our analysis, there are indicators on public scan sites that svm is downloaded over this port in some circumstances.",
"x_misp_type": "port",
"x_misp_value": "8090"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--865b179b-37d2-4c6d-b43a-8bcaba2ffb6c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T08:05:45.000Z",
"modified": "2023-12-12T08:05:45.000Z",
"labels": [
"misp:type=\"port\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "WebSocket established by Golden Tax software on installation.",
"x_misp_type": "port",
"x_misp_value": "33666"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:44:17.000Z",
"modified": "2023-11-28T12:44:17.000Z",
"pattern": "[domain-name:value = 'www.ningzhidata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:44:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:44:27.000Z",
"modified": "2023-11-28T12:44:27.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '223.112.21.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:44:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--69e13243-e7e0-4726-a10a-01fd046ded89",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:45:01.000Z",
"modified": "2023-11-28T12:45:01.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '42.56.76.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:45:22.000Z",
"modified": "2023-11-28T12:45:22.000Z",
"pattern": "[domain-name:value = 'ningzhidata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:45:36.000Z",
"modified": "2023-11-28T12:45:36.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '49.232.156.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:45:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--99bd5142-86d7-44d9-a1b9-c214a5eb64f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:53:25.000Z",
"modified": "2023-11-28T12:53:25.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '59.83.204.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:53:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1913402-5d6f-4fd1-b158-17c06372b82e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-28T12:53:33.000Z",
"modified": "2023-11-28T12:53:33.000Z",
"pattern": "[domain-name:resolves_to_refs[*].value = '124.152.41.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-28T12:53:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a061ac22-6146-43e0-b80a-1242186ce324",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:22:01.000Z",
"modified": "2023-11-30T09:22:01.000Z",
"pattern": "[file:hashes.SHA256 = '534da7cf722968de28eceff23e2924e180bf2c59f3852fb58a4653f8a54fa69a' AND file:x_misp_compilation_timestamp = '2020-03-27T02:53:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:22:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--30195ad0-624f-4596-9d38-f297186985f4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:37:13.000Z",
"modified": "2023-11-30T09:37:13.000Z",
"pattern": "[file:hashes.SHA256 = '6366f009e4c0303d7f5ba0bb6a529039618ff8715972713c3b6645d1aef3d4c1' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:37:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e1b6ab63-47f0-4397-9ec5-d4db06cc1b0f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:37:34.000Z",
"modified": "2023-11-30T09:37:34.000Z",
"pattern": "[file:hashes.SHA256 = '68472c7468b931dbbea1900bdeb4dcf10bdbfe1384e0984f4272f1a036659202' AND file:x_misp_compilation_timestamp = '2020-03-27T02:53:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:37:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2e14ffc4-b52c-462c-b75c-5769dd873b3c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:38:20.000Z",
"modified": "2023-11-30T09:38:20.000Z",
"pattern": "[file:hashes.SHA256 = '323d0cf9ac1c750761f66482154dbd3144dae7336c955a4576cb4cce6438a6ba' AND file:name = 'dgb.exe' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:38:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91755780-edb5-4184-a85a-8038b21037a9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:39:09.000Z",
"modified": "2023-11-30T09:39:09.000Z",
"pattern": "[file:hashes.SHA256 = '67316d574d0e05549bf314b4764842e2b598f2ffae1ac82123b3dd592f605751' AND file:name = 'svm.exe' AND file:name = 'svmm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:06:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:39:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d42c7cfa-02c3-417a-8fda-d78beedcb5be",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T09:39:44.000Z",
"modified": "2023-11-30T09:39:44.000Z",
"pattern": "[file:hashes.SHA256 = 'a8169c566bf4566c6c4ba98ce7f9ecf143ae6c21dc0d7b15779c936e1ff60269' AND file:name = 'svm.exe' AND file:name = 'svmm.exe' AND file:x_misp_compilation_timestamp = '2020-04-07T08:44:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T09:39:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:09:46.000Z",
"modified": "2023-12-05T13:09:46.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '20932b2151de5f0dc5c1159fbc1d2d004f069bb04d32d66dc7fa5b7b9eac1aa7' AND file:name = 'svminstall.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:09:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9a2b3b20-3490-4963-8e55-8a78269c262c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:04.000Z",
"modified": "2023-11-30T13:44:04.000Z",
"pattern": "[file:hashes.SHA256 = '2878ad6d386bc3fd9f0625195a3a60fc5056ff7ff24e57cf466e54af07d0217e' AND file:name = '0750e344e12de0b653de4e7d600d00c2.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:37:35.000Z",
"modified": "2023-12-05T12:37:35.000Z",
"description": "Zip archive containing malicious code",
"pattern": "[file:hashes.SHA256 = '2f65238e7b3a8ddd719fb19a506cd1d964fc7b5cab6f3f4e95235c235cac2190' AND file:name = 'svminstall.exe.zip' AND file:x_misp_compilation_timestamp = '2020-05-07T22:21:26+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:37:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:30:05.000Z",
"modified": "2023-12-05T12:30:05.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '39b914c8064becf3df1df39b0517bda05371e90b8b5fe15aad275faac634876f' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:12:24+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:30:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2c00384b-57eb-4d4a-8261-7b29f2fd8f11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '3b63900e56a7eccee43d42a77fcb6d7834943f5236adae063abe32111f35152d' AND file:name = '71f7e61c2686b4bc1d67745e859b3ca1.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:32:21.000Z",
"modified": "2023-12-05T10:32:21.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '41103f32f247ba744a8fbe17deac4bd26aeba323f3161e44adc35f8dd81ce4d3' AND file:name = 'SVMV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:32:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:31:40.000Z",
"modified": "2023-12-05T10:31:40.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '4f86175e5500be87cc95ea9fcaf565970e15a86b2aa3223f8ef8d25e72cec376' AND file:name = 'IDG-MINZONGV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:31:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--67afd357-6025-414b-951f-8d5fd7c2393c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '5246fc50cce0b3492939a169082eebfde63c9ebc312267eef6d1bb47b44c44aa' AND file:name = '392b5b60444fa9e27c1de9d977ec9248.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0cb4750-bc13-48ad-b4c7-0e088f5fe571",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '55429a6085d50782be52bb2150cfabecfdaa4eb843350399c3cf88a9ab9fa4c1' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:11:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56181b68-145d-4240-bdc9-ab7b8bcba590",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '561f89c566af35a90ae19285177cedaae3a0cbd7c8d415c57766e7988503c686' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T02:53:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:31:29.000Z",
"modified": "2023-12-05T12:31:29.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '77ee7b0a10f3c0ab08c1b1f88ceb0dd979e9c2fee17ac5fd14c9ce27002f6078' AND file:name = 'IDG-FEILONGV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:31:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55b1382d-9f32-4276-89fe-2e7266944439",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '7bf45c75dca3362331d5a9a116bf9c7a52e1352905a5dee66f0cf123acc461b2' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:17:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3320cfa3-936e-41ef-9c53-d63c110b20c5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:05.000Z",
"modified": "2023-11-30T13:44:05.000Z",
"pattern": "[file:hashes.SHA256 = '817887f4e977443cb446579f080ae848a2235b79f8c174e7201cebf62e9ccd94' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:01:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:48:11.000Z",
"modified": "2023-12-05T12:48:11.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '853ef8130b50e9fce5f7575afc04374de0232fa5fe6b7b4d97fda7bf17ec58c9' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:06:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:48:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf153833-d88e-4154-8d50-4ac02ad8296a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = '862115c6d8d6e6addeb408c45ac0a7f8a25126d5ccca6d9356143a7a683c009d' AND file:name = '7bc6b5c6da04a231f5fa011944ce5a31.virus' AND file:x_misp_compilation_timestamp = '2020-03-23T13:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55c42baa-eda4-4bcd-b58f-0d4ae5e46465",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = '8b0e1be70409238e7577429df3eaa84a6b12f36d9dbb6e47607f7fc354ddb961' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T02:51:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:52:02.000Z",
"modified": "2023-12-05T12:52:02.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '98b5320e7464fc69b12eb626b6336604efcbf6502adc38c77f6db41666da9dd1' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T02:24:01+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:52:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc241f3d-1a7a-4f8f-a5b9-2e14e74252aa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'a44e6b87dc1165c4c6839554dd412e98fade0a7e7c6341b9d44c0ee0dd034160' AND file:name = 'cce1df224e63ff1aab5f74e2fb1559e3.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:13:18.000Z",
"modified": "2023-12-05T13:13:18.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'a6e9d6c145668c4fc6e6dbd3d1fe4bc394211d9c09d31c12730ceddf3e5056be' AND file:name = 'svminstall.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:13:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5c497b29-bca4-4702-ae5e-a8df8e26165b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'af120f411c2c1f3ec52516006a25c734a5a0e4952c3eb942ad99858420c9135e' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-04-07T08:44:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--288d3f46-333a-400f-b20d-8e742292776a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:32:40.000Z",
"modified": "2023-12-05T10:32:40.000Z",
"description": "Zip archive containing malicious code",
"pattern": "[file:hashes.SHA256 = 'afcc4ccc4ac0f1eaded6fc2ea704f4e9650942fc317728150676de3af19fb72d' AND file:name = 'svminstall.exe.zip' AND file:x_misp_compilation_timestamp = '2020-05-14T01:29:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:32:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T12:55:12.000Z",
"modified": "2023-12-05T12:55:12.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'afe2bcd5cb2de6349329c42631bfbbdba46d672f6dc515a5bee63cb4265e49f8' AND file:name = 'usv.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:17:53+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T12:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:16:44.000Z",
"modified": "2023-12-05T13:16:44.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'b67913449618756dcc815a242a270257cce4d5ae71911bb6716bdecc2f1c0c7f' AND file:name = 'svminstall.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef75e372-c372-416a-bc51-c54fd64cc47c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'b6982fe4ab882cfdcba091c6617b9d279a9bcfd3e28a76d5fb2c0cdfc0c23064' AND file:name = '126599da0c79ce196c960d0ba28aacda.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:17:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2571d1b-5251-49d6-a06a-6b2cd55c33fe",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'c12e099fb5e825be513c75cff8b4f064b9d4ea8435bab254d69e126b74959372' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0c820525-3995-48df-b0f7-29543d3bb91e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:06.000Z",
"modified": "2023-11-30T13:44:06.000Z",
"pattern": "[file:hashes.SHA256 = 'c4fc73dbfc0d61a0a60239971225321b882af5923babf26c324726b80db612a2' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:06:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:32:12.000Z",
"modified": "2023-12-05T10:32:12.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'c5c5e59bb18bad1427714d0007b676e658d8e08faf5a0632ed88912f5816d525' AND file:name = 'IDG-NJCKV1.0-20200320.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:32:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6f1a0e7-5a66-48a0-a6ed-597558d2b5f3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'c9d1ec32df1b134aa809bc8b3ad475b690347294693f6c5b65ab1df94fa4d1fd' AND file:name = '433F8727.vsc_svm.exe_archive_level0_1_NSIS.unc' AND file:x_misp_compilation_timestamp = '2020-03-23T13:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--47df59a7-8382-486b-8de2-2745eaad8bcb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'ce3d64f8ad4dcbbf5324e05c81a716c5d2493e149edafbc5cb73c01836bea5f2' AND file:name = '8497a9301e74d3611c2df3e3c0ea24f4.virus' AND file:x_misp_compilation_timestamp = '2020-03-27T03:10:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb8e2be7-0f90-4150-a98b-b00ea054991a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'd41081969a212dec0ca623d848fb51907d8cdb1cb7bd86e1354e3041052858fb' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:11:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d1f42381-a3f9-43ac-bd4a-0af2049dc70d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'e0e7b4f6878483bdc8c3e01d4daa11c71e61385e85a6eaa2be8fec04d250b74e' AND file:name = 'dga.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:16:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57a4955c-6c61-494c-9c18-b6b144cfcfae",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'e8118cb2941c0421a2f6942919f8541b5fab348e2334102eab8654d2c4bff8ed' AND file:name = 'idgclient.exe' AND file:x_misp_compilation_timestamp = '2020-03-27T03:16:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:41:45.000Z",
"modified": "2023-12-05T13:41:45.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'f21623311a947d8a9f2dd05c098f45c3ef12be3cbf79fb49659e5bfc1588cdfe' AND file:name = 'IDG-NINGZHIV1.0-20200310.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:41:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--354eb109-0414-4137-bc65-273dead6fd36",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T13:44:07.000Z",
"modified": "2023-11-30T13:44:07.000Z",
"pattern": "[file:hashes.SHA256 = 'f89e898ea40e10901c0c9f9100f269a227323ace1f7248293bfd57982dea1a67' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2020-03-23T13:05:00+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T13:44:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T13:03:09.000Z",
"modified": "2023-12-05T13:03:09.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = 'ffbeaa5947fc467fce27c765a4e8dc08e45c8ca13e583f5271b19e944e0cb8e3' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T13:03:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--81f03e90-ce30-4ba2-b79c-a142e06c1323",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-11-30T14:24:52.000Z",
"modified": "2023-11-30T14:24:52.000Z",
"pattern": "[domain-name:value = 'download.ningzhidata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-11-30T14:24:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-05T10:31:18.000Z",
"modified": "2023-12-05T10:31:18.000Z",
"description": "Remote Access Trojan",
"pattern": "[file:hashes.SHA256 = '3b8761d2e19bc5185f55cc2f575bbe54a45a52fc1c8650a60f1bd13e01e24655' AND file:name = 'svm.exe' AND file:x_misp_compilation_timestamp = '2016-12-19T15:41:22+00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-05T10:31:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-13T09:30:40.000Z",
"modified": "2023-12-13T09:30:40.000Z",
"description": "Installs the tax invoice gatherer, running as a service",
"pattern": "[file:hashes.MD5 = '39393db9ff05b587ef42ae6340f03a85' AND file:name = 'XYRZSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-13T09:30:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-13T09:33:18.000Z",
"modified": "2023-12-13T09:33:18.000Z",
"description": "Installs the plugin manager \u2013 plugin.exe and mplugin.exe and also downloads the backdoor installer svminstall.exe",
"pattern": "[file:hashes.MD5 = '84ff122838c0da5ab5ddcaa8f45f7011' AND file:name = 'PluginSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-13T09:33:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:44:28.000Z",
"modified": "2023-12-08T10:44:28.000Z",
"description": "PKCS11 Library",
"pattern": "[file:hashes.MD5 = '7b8d8a81b32209a80fb974cf89697116' AND file:name = 'libp11.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:44:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--51b9a083-6bb7-453e-a3d1-70137283f004",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:44:38.000Z",
"modified": "2023-12-08T10:44:38.000Z",
"description": "Configuration file",
"pattern": "[file:hashes.MD5 = '2d9427f26131249333c60139d0995f88' AND file:name = 'serverjsp.ini']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29908be1-f56d-4e97-9892-8830c9d29241",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:49:41.000Z",
"modified": "2023-12-08T10:49:41.000Z",
"description": "SQLite Library",
"pattern": "[file:hashes.MD5 = '7593a2422d0ea17fac214af4a1efa194' AND file:name = 'sqlite3.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:49:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:50:07.000Z",
"modified": "2023-12-08T10:50:07.000Z",
"description": "SSL Library",
"pattern": "[file:hashes.MD5 = '3cb5a5dc5701c2961742bdb05a43c6d0' AND file:name = 'SSLeay32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:50:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f36ce21a-4c59-4731-9929-1af4ff97f21f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:50:17.000Z",
"modified": "2023-12-08T10:50:17.000Z",
"description": "Program uninstaller",
"pattern": "[file:hashes.MD5 = '8d5692af55e44e471a27a0fc401ac6ba' AND file:name = 'uninst.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8e56f0cf-4efb-4ce4-9de0-61467c133f58",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:50:59.000Z",
"modified": "2023-12-08T10:50:59.000Z",
"description": "Tax Invoice Gatherer and Uploader",
"pattern": "[file:hashes.MD5 = '52a64ae155ef5ec37966e787ab1678a2' AND file:name = 'xyrzsvc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--858c9869-c1a4-46a1-9075-cd11ead979ef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:51:13.000Z",
"modified": "2023-12-08T10:51:13.000Z",
"description": "SQLite schema",
"pattern": "[file:hashes.MD5 = 'cf9933a40f9a348b412da0953a7de6f3' AND file:name = 'Aisino.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:51:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:51:55.000Z",
"modified": "2023-12-08T10:51:55.000Z",
"description": "Public Key Cryptography Standard",
"pattern": "[file:hashes.MD5 = '696721fb92e109010b03304fda0c960f' AND file:name = 'CTptkcs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:51:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T10:52:17.000Z",
"modified": "2023-12-08T10:52:17.000Z",
"description": "Tax Card Code Library",
"pattern": "[file:hashes.MD5 = '7c348eac40b9dbf6bd52db2985abee42' AND file:name = 'JsDevInfoDll.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T10:52:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T10:53:09.000Z",
"modified": "2023-12-12T10:53:09.000Z",
"description": "A setup file that installs the electronic signing application. The program and component files are installed under the folder %ProgramFiles%\\Signtool",
"pattern": "[file:hashes.MD5 = '04f100f771ed8dd238fdf41a0f85977a' AND file:name = 'SignToolSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-12T10:53:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8bd144dd-eea0-448e-87c0-67a556c36700",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:14:21.000Z",
"modified": "2023-12-08T13:14:21.000Z",
"description": "HELP file",
"pattern": "[file:hashes.MD5 = 'b94c7fc5528f5e233a9900991c7757ca' AND file:name = 'help.pdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:14:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3f3839ec-a575-4603-a292-fab98e7c6038",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:21:34.000Z",
"modified": "2023-12-08T13:21:34.000Z",
"description": "CURL Library",
"pattern": "[file:hashes.MD5 = 'b672963bb8fc75b7c122082b5e567058' AND file:name = 'libcurl.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:21:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--657df46a-50d1-4010-b30a-a7f64574e0d9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:24:24.000Z",
"modified": "2023-12-08T13:24:24.000Z",
"description": "OpenSSL Library",
"pattern": "[file:hashes.MD5 = '0852402f8f75c9a75a74114af75f34c5' AND file:name = 'libeay32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:24:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T13:59:09.000Z",
"modified": "2023-12-08T13:59:09.000Z",
"description": "QR Generator Library",
"pattern": "[file:hashes.MD5 = 'f8246f3e4391c50c53c2417b9fea3a33' AND file:name = 'QRGenerator.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T13:59:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--98843b28-2cbc-4195-aced-0460e2b8d8b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T14:12:46.000Z",
"modified": "2023-12-08T14:12:46.000Z",
"description": "Electronic contract signing tool and document file uploader",
"pattern": "[file:hashes.MD5 = '05b0e15a989182e97e6068344840406f' AND file:name = 'SignTool.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T14:12:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76062895-7556-47cf-9bb4-f02dd5d7ac09",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-08T14:41:23.000Z",
"modified": "2023-12-08T14:41:23.000Z",
"description": "This executable file monitors the plugin.exe process and makes sure that it is running. When plugin.exe is terminated, it will respawn it. It also checks for tax software updates from the host: http://upgrade.i-xinnuo[.]com",
"pattern": "[file:hashes.MD5 = '946945ee4555fc7f7aced80904fe802f' AND file:name = 'MPlugin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-08T14:41:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T10:25:52.000Z",
"modified": "2023-12-12T10:25:52.000Z",
"pattern": "[file:hashes.MD5 = '85223e82337f409697b951207a2d91e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-12T10:25:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-12T09:07:39.000Z",
"modified": "2023-12-12T09:07:39.000Z",
"pattern": "[file:hashes.MD5 = '8ecc9a53cc99bde757df9e718fd3af17' AND file:name = 'PluginManagerSetup.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-12T09:07:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0f1cf7c-3ca1-4fb3-9dd3-f25340b7f3b8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2023-12-13T14:27:35.000Z",
"modified": "2023-12-13T14:27:35.000Z",
"description": "This is the main plugin manager program. A thread is created to get instructions and execute commands from the remote host http://upgrade.i-xinnuo[.]com mainly for managing tax",
"pattern": "[file:hashes.MD5 = '134d9ffc9c65366e690c2a4852ec6835' AND file:name = 'plugin.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2023-12-13T14:27:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5cf87a94-dea8-4386-99cb-5a2a83378f79",
"created": "2023-12-05T13:09:19.000Z",
"modified": "2023-12-05T13:09:19.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6c9c94ea-046b-4905-b94e-265ce5c9461d",
"created": "2023-12-05T13:09:31.000Z",
"modified": "2023-12-05T13:09:31.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c3e0fccc-5d17-4ec4-ba72-6151cdb41942",
"created": "2023-12-05T13:09:46.000Z",
"modified": "2023-12-05T13:09:46.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--62bb6a6d-b5e2-4dff-a4a8-fd51fc9f2c18",
"created": "2023-12-05T12:37:18.000Z",
"modified": "2023-12-05T12:37:18.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a3a8e4f8-f7f5-4219-a38a-4a20842776aa",
"created": "2023-12-05T12:37:35.000Z",
"modified": "2023-12-05T12:37:35.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7",
"target_ref": "indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4edbaf7c-74c0-4200-a402-04d25c9d631f",
"created": "2023-12-05T12:29:19.000Z",
"modified": "2023-12-05T12:29:19.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--265ad043-5977-4055-92a5-36d10a571ece",
"created": "2023-12-05T12:29:36.000Z",
"modified": "2023-12-05T12:29:36.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f340ee1b-2a40-4f2b-afbe-45e79140cec1",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e89f5ebe-462f-48a2-a69b-d2cab6043e41",
"created": "2023-12-04T13:18:45.000Z",
"modified": "2023-12-04T13:18:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--612cabf4-e8c6-4f54-ba1e-35b23876fc3f",
"created": "2023-12-04T13:19:08.000Z",
"modified": "2023-12-04T13:19:08.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a8c29673-56c1-4bf3-b520-8f31d1f02f38",
"created": "2023-12-04T13:19:30.000Z",
"modified": "2023-12-04T13:19:30.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--87ce2eff-30a0-4fee-9641-186684286abd",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0b3e45ce-dac4-41e0-8c0c-6b43bd0e6492",
"created": "2023-12-04T09:48:29.000Z",
"modified": "2023-12-04T09:48:29.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--79180f78-089a-4bc7-b3b4-461a6712d16b",
"created": "2023-12-04T09:48:45.000Z",
"modified": "2023-12-04T09:48:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0d33f5a5-2c93-4d8a-8d05-b88f966e47ad",
"created": "2023-12-04T09:48:57.000Z",
"modified": "2023-12-04T09:48:57.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--3b6f337e-e0ae-4da5-880c-089bd8222795",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0c00d85b-5706-428c-9ea2-13a97062a094",
"created": "2023-12-05T12:31:02.000Z",
"modified": "2023-12-05T12:31:02.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--24e6e30b-abe0-43f1-9cb7-69ed86e8a9d7",
"created": "2023-12-05T12:31:16.000Z",
"modified": "2023-12-05T12:31:16.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ebbd089f-d730-4eb2-af93-0da028efa1be",
"created": "2023-12-05T12:31:29.000Z",
"modified": "2023-12-05T12:31:29.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--66621b84-e9d8-4f2f-849a-51e535149fe6",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--694f63f4-0f44-40d9-95f5-1d906f31c212",
"created": "2023-12-05T12:47:51.000Z",
"modified": "2023-12-05T12:47:51.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b4048948-b225-4b05-8dc7-de0abc1b6391",
"created": "2023-12-05T12:48:11.000Z",
"modified": "2023-12-05T12:48:11.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4fdc1c30-e026-4ff3-afd3-55527f7c790a",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c6ecb131-0b2f-428d-b528-0463444fd11c",
"created": "2023-12-05T12:51:47.000Z",
"modified": "2023-12-05T12:51:47.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1b4d14d5-2936-47e0-a10e-d546a5fc27a3",
"created": "2023-12-05T12:52:02.000Z",
"modified": "2023-12-05T12:52:02.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--f5a1bd3a-32ae-45fb-89c6-7b0e5f961cb2",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1c733e32-c60d-48af-882c-5322e9142efd",
"created": "2023-12-05T13:12:49.000Z",
"modified": "2023-12-05T13:12:49.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--67983c4b-db37-480c-8e66-2141200f03c6",
"created": "2023-12-05T13:13:03.000Z",
"modified": "2023-12-05T13:13:03.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6084a002-082e-4c3a-97e2-836654bab0c7",
"created": "2023-12-05T13:13:18.000Z",
"modified": "2023-12-05T13:13:18.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a3ffba2f-7c7a-49b6-bbe5-6097591a98f1",
"created": "2023-12-05T10:30:32.000Z",
"modified": "2023-12-05T10:30:32.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--288d3f46-333a-400f-b20d-8e742292776a",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5aa270ca-dc42-4104-9fc0-613dffa0ac72",
"created": "2023-12-05T10:30:45.000Z",
"modified": "2023-12-05T10:30:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--288d3f46-333a-400f-b20d-8e742292776a",
"target_ref": "indicator--b8a987ee-113e-43b0-bd1d-d9138c6f50b3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d798377-ecb6-43f8-b8b8-d0e0823c5c8a",
"created": "2023-12-05T12:54:37.000Z",
"modified": "2023-12-05T12:54:37.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d59a1a36-1897-4aa8-865a-671fd7df3122",
"created": "2023-12-05T12:55:12.000Z",
"modified": "2023-12-05T12:55:12.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--47becfed-220a-4ae7-ac67-b4c3c4e67f66",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b505428d-c455-4517-91ed-b26cce9153e6",
"created": "2023-12-05T13:16:14.000Z",
"modified": "2023-12-05T13:16:14.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48a6d75a-583e-4900-939c-19294a094dbb",
"created": "2023-12-05T13:16:30.000Z",
"modified": "2023-12-05T13:16:30.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0ca088bd-4274-4883-bd03-cf32d48fc384",
"created": "2023-12-05T13:16:44.000Z",
"modified": "2023-12-05T13:16:44.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--69498f5c-b8b4-4ef3-bf49-7eec30ebed29",
"created": "2023-12-04T13:17:08.000Z",
"modified": "2023-12-04T13:17:08.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63d58588-a887-4c44-95e8-3c556a0d1bc8",
"created": "2023-12-04T13:17:19.000Z",
"modified": "2023-12-04T13:17:19.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dc0bc7f1-bcc9-4ea2-8c49-4185334e98ae",
"created": "2023-12-04T13:17:33.000Z",
"modified": "2023-12-04T13:17:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--864dad3f-719f-4dba-8c9f-92f673fa87b7",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0bb76f41-fa8f-467b-8f11-1727f39e2278",
"created": "2023-12-05T13:41:20.000Z",
"modified": "2023-12-05T13:41:20.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--01dc082d-8bb8-4902-9a5d-daf592320aba",
"created": "2023-12-05T13:41:33.000Z",
"modified": "2023-12-05T13:41:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48d9733d-a91c-4987-bba7-5937b1efba5c",
"created": "2023-12-05T13:41:45.000Z",
"modified": "2023-12-05T13:41:45.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--56678941-6891-43a3-9b44-372c1dc4acc5",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--481dd726-9de9-4020-8a2b-1ce343178661",
"created": "2023-12-05T13:02:42.000Z",
"modified": "2023-12-05T13:02:42.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d0b18561-f4d7-49da-9e4c-6b3a94929afc",
"created": "2023-12-05T13:02:54.000Z",
"modified": "2023-12-05T13:02:54.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d0aeb295-0c5e-4f8f-9e5c-b9939f29f853",
"created": "2023-12-05T13:03:09.000Z",
"modified": "2023-12-05T13:03:09.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--a0c09246-2a75-4b64-998b-2ce88008946b",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--45eb8e38-f0df-4bee-bd36-f4e21be94915",
"created": "2023-11-30T14:54:01.000Z",
"modified": "2023-11-30T14:54:01.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--c2cb668d-ecf5-4b02-8945-809e70013f93"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f415eb3-ad6e-4c11-893f-3cdc1ae18e71",
"created": "2023-11-30T14:54:21.000Z",
"modified": "2023-11-30T14:54:21.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--d6ff3893-5b58-412d-a38f-a42ff6b55ce2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bef9fcdb-21a1-4dfb-bbd2-cc7aea749f56",
"created": "2023-11-30T14:57:20.000Z",
"modified": "2023-11-30T14:57:20.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--83c0441c-7262-46b2-b3e0-242171581ba0"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--37e042c1-4be0-496d-9dbc-8c060ccf67ad",
"created": "2023-11-30T14:57:33.000Z",
"modified": "2023-11-30T14:57:33.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--69e13243-e7e0-4726-a10a-01fd046ded89"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3cf2989a-9849-4c07-9b6b-10c8d7d001ab",
"created": "2023-11-30T14:57:48.000Z",
"modified": "2023-11-30T14:57:48.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--a1913402-5d6f-4fd1-b158-17c06372b82e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--86f21d9a-41b2-4764-9272-bd1bdf42666c",
"created": "2023-11-30T14:58:18.000Z",
"modified": "2023-11-30T14:58:18.000Z",
"relationship_type": "communicates-with",
"source_ref": "indicator--68928c6b-59d5-4d04-a1f7-9d70b4b9f0fa",
"target_ref": "indicator--99bd5142-86d7-44d9-a1b9-c214a5eb64f9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d2956e81-8bce-445a-974c-4acd6a755501",
"created": "2023-12-12T09:49:15.000Z",
"modified": "2023-12-12T09:49:15.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--544f7d4b-3b24-42cb-9d02-f293eb08233b",
"created": "2023-12-12T09:49:31.000Z",
"modified": "2023-12-12T09:49:31.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--51b9a083-6bb7-453e-a3d1-70137283f004"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--757bf6f7-0026-42c9-8841-df6c97d49c9b",
"created": "2023-12-12T09:49:47.000Z",
"modified": "2023-12-12T09:49:47.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c4f798f2-57df-4cbf-82b9-58a2120d512b",
"created": "2023-12-12T09:49:59.000Z",
"modified": "2023-12-12T09:49:59.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--29908be1-f56d-4e97-9892-8830c9d29241"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ad12dc12-dba2-4102-a524-3eae030fb998",
"created": "2023-12-12T09:50:10.000Z",
"modified": "2023-12-12T09:50:10.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--f36ce21a-4c59-4731-9929-1af4ff97f21f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--10a82c44-b31c-4529-8f94-b6d75397d354",
"created": "2023-12-12T09:50:23.000Z",
"modified": "2023-12-12T09:50:23.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--8e56f0cf-4efb-4ce4-9de0-61467c133f58"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cf5f291c-65e7-4f76-bfd0-291a684f7f5d",
"created": "2023-12-12T09:50:35.000Z",
"modified": "2023-12-12T09:50:35.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--858c9869-c1a4-46a1-9075-cd11ead979ef"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--acbb85ec-3bb5-4d2d-9dc0-ffb5d5a69acb",
"created": "2023-12-12T09:50:47.000Z",
"modified": "2023-12-12T09:50:47.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bb81260e-9fac-4f1d-9488-7b267a559077",
"created": "2023-12-12T09:51:00.000Z",
"modified": "2023-12-12T09:51:00.000Z",
"relationship_type": "drops",
"source_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2",
"target_ref": "indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c3185e04-cf3c-4509-92e5-5c13ca2cd0fc",
"created": "2023-12-13T09:32:34.000Z",
"modified": "2023-12-13T09:32:34.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--0ce35428-7b9f-4966-b5c9-915a963a2025"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a56f8a43-4763-4fe7-9860-bad1d366a82c",
"created": "2023-12-13T09:32:49.000Z",
"modified": "2023-12-13T09:32:49.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--64ca88c1-8b48-43e5-b094-77cc69d934e7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa027fff-e63c-402c-9929-6cdd43488a45",
"created": "2023-12-13T09:32:58.000Z",
"modified": "2023-12-13T09:32:58.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--91004b93-92fb-46cb-a690-ee49d550fd87"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--46275f75-80b8-4578-9fb1-87514c50c3f5",
"created": "2023-12-13T09:33:09.000Z",
"modified": "2023-12-13T09:33:09.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--288d3f46-333a-400f-b20d-8e742292776a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2aeb06be-2d23-404e-842c-e1bdf4269486",
"created": "2023-12-13T09:33:18.000Z",
"modified": "2023-12-13T09:33:18.000Z",
"relationship_type": "downloads",
"source_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445",
"target_ref": "indicator--4c20a6ae-008e-4d33-aa13-6286d7c1fc47"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--605db18e-ea9f-4765-aa0c-8081311019ae",
"created": "2023-12-12T10:41:32.000Z",
"modified": "2023-12-12T10:41:32.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--8bd144dd-eea0-448e-87c0-67a556c36700"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b71474d7-9336-4568-b954-54b030c82f97",
"created": "2023-12-12T10:41:48.000Z",
"modified": "2023-12-12T10:41:48.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--3a99c93d-3e6f-492a-ae6c-b05c00c23275"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2c15ef39-ed42-4853-8bec-3d4996bc5c6e",
"created": "2023-12-12T10:42:04.000Z",
"modified": "2023-12-12T10:42:04.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--e14f5aa2-9045-444e-80f1-fa2ef5d0953c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--59be2af3-6013-4317-b114-e10547ec69b5",
"created": "2023-12-12T10:43:06.000Z",
"modified": "2023-12-12T10:43:06.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--3f3839ec-a575-4603-a292-fab98e7c6038"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b5086870-5ea0-438f-a255-1d97b1f38f35",
"created": "2023-12-12T10:43:18.000Z",
"modified": "2023-12-12T10:43:18.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--3f3839ec-a575-4603-a292-fab98e7c6038"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6c929f96-cb74-4b51-bf2d-d2863141571a",
"created": "2023-12-12T10:43:52.000Z",
"modified": "2023-12-12T10:43:52.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--657df46a-50d1-4010-b30a-a7f64574e0d9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3a0be396-3d3e-4e94-8b87-8655cf4904e2",
"created": "2023-12-12T10:45:36.000Z",
"modified": "2023-12-12T10:45:36.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--8a96e601-a86d-498e-9ea0-6d9052443f2d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--420c7e81-ebc9-404e-9500-81cae958fea4",
"created": "2023-12-12T10:52:42.000Z",
"modified": "2023-12-12T10:52:42.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--fe41ce79-dc2a-4fc1-93e5-8e7ff38e727f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6f34fdef-716d-47e6-9334-3bc633a0ba05",
"created": "2023-12-12T10:52:54.000Z",
"modified": "2023-12-12T10:52:54.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--98843b28-2cbc-4195-aced-0460e2b8d8b6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--204b7956-44ba-4f15-b920-c5a1b34f9c38",
"created": "2023-12-12T10:53:09.000Z",
"modified": "2023-12-12T10:53:09.000Z",
"relationship_type": "drops",
"source_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5",
"target_ref": "indicator--1ec351fd-aba4-44ce-abfc-ae24e2007297"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6c47ca88-5dad-45ac-9bee-ba52abf44c65",
"created": "2023-12-12T09:04:48.000Z",
"modified": "2023-12-12T09:04:48.000Z",
"relationship_type": "contains",
"source_ref": "indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"target_ref": "indicator--cb1e3793-c635-4787-95ef-170010d073d5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f6c6acea-bc23-4784-93ac-0eac0be40fa1",
"created": "2023-12-12T10:25:52.000Z",
"modified": "2023-12-12T10:25:52.000Z",
"relationship_type": "contains",
"source_ref": "indicator--4daa6a76-e7d6-4094-a9fa-fd3a36e6a9d0",
"target_ref": "indicator--499f7525-508b-463d-8124-ba263c1727a5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0698f2ae-6531-4c05-a2da-55220ffdf1c6",
"created": "2023-12-12T09:07:17.000Z",
"modified": "2023-12-12T09:07:17.000Z",
"relationship_type": "contains",
"source_ref": "indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"target_ref": "indicator--56518dcb-1ead-4b1e-95ba-c07253f392a2"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2fe36b3f-f032-41c9-aa72-022c3df4e4dc",
"created": "2023-12-12T09:07:39.000Z",
"modified": "2023-12-12T09:07:39.000Z",
"relationship_type": "contains",
"source_ref": "indicator--cb1e3793-c635-4787-95ef-170010d073d5",
"target_ref": "indicator--734c8381-f0a4-4eaf-80c6-ef93743c0445"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}