misp-circl-feed/feeds/circl/stix-2.1/5b597959-6310-43e8-80b2-4d30950d210f.json

{
    "type": "bundle",
    "id": "bundle--5b597959-6310-43e8-80b2-4d30950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:44.000Z",
            "modified": "2018-07-26T13:13:44.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--5b597959-6310-43e8-80b2-4d30950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:44.000Z",
            "modified": "2018-07-26T13:13:44.000Z",
            "name": "OSINT - Kronos Reborn",
            "published": "2018-07-26T13:14:29Z",
            "object_refs": [
                "x-misp-attribute--5b597e9e-b88c-4bc1-8f11-af6a950d210f",
                "observed-data--5b597ee4-7370-4258-88b5-b098950d210f",
                "url--5b597ee4-7370-4258-88b5-b098950d210f",
                "indicator--5b59c078-03e4-4a71-a48f-4503950d210f",
                "indicator--5b59c078-3b9c-4f25-9aeb-4691950d210f",
                "indicator--5b59c079-0180-477e-b041-457e950d210f",
                "indicator--5b59c079-cd18-4e05-a267-451f950d210f",
                "indicator--5b59c07a-1d28-454c-94ba-4f0f950d210f",
                "indicator--5b59c07a-8cd8-4b86-ad8e-4635950d210f",
                "indicator--5b59c07b-bb84-4c15-baa0-4135950d210f",
                "indicator--5b59c07b-09f8-4fdd-b9f2-41f3950d210f",
                "indicator--5b59c07c-c7fc-4ea5-9afe-4bd6950d210f",
                "indicator--5b59c07c-1cc4-453a-8c26-495a950d210f",
                "indicator--5b59c07d-f114-401d-af89-4f4e950d210f",
                "indicator--5b59c07d-22e0-48c4-8b04-4ec0950d210f",
                "indicator--5b59c07e-f9f4-4770-b1cc-428e950d210f",
                "indicator--5b59c07e-d050-4843-9c9a-4cba950d210f",
                "indicator--5b59c07f-d42c-469e-846a-4fa3950d210f",
                "indicator--5b59c07f-732c-4cb6-adb4-4d48950d210f",
                "indicator--5b59bea3-9a30-4e9f-b748-4239950d210f",
                "indicator--5b59beb5-0e9c-4f68-85f4-4a77950d210f",
                "indicator--5b59bef2-cdf8-40b2-8000-4298950d210f",
                "indicator--5b59bf0c-5950-4f90-9596-43da950d210f",
                "indicator--5b59bf19-3770-40b1-aa0e-4824950d210f",
                "indicator--5b59bf31-2514-482c-9f84-4a20950d210f",
                "indicator--5b59bf47-4fc4-44cc-b7bc-4967950d210f",
                "indicator--5b59c3d7-c760-41e4-9afd-40b7950d210f",
                "indicator--5b59c3e9-d500-4e86-9f7f-45f3950d210f",
                "indicator--716245aa-e298-4be6-a638-f2073e0af588",
                "x-misp-object--e3d7369a-27c2-41f0-96fc-d35aaa499890",
                "indicator--a2a94c03-111d-4ec9-a615-dfff35bc1a0d",
                "x-misp-object--823ec556-3163-4a3f-b1c2-a15ba60baee8",
                "indicator--fb02d0e7-a2f6-4398-8968-619c6a329054",
                "x-misp-object--5b3ad0ca-d0ae-4326-9bc1-889ddbafc549",
                "indicator--e935fea1-ffe1-40eb-ba18-16cc432874f8",
                "x-misp-object--df90c284-e467-445b-a51e-7837ec98db7a",
                "indicator--2238785f-23bd-467b-b588-484fba9e78f9",
                "x-misp-object--812d0386-43e0-4813-ac94-b8248cb565d5",
                "indicator--dccb7ee7-e104-44bf-8971-0e90e34d244d",
                "x-misp-object--8b19e923-dfa2-4dab-80ee-5a291ebe7b30",
                "indicator--02c92c9e-6ed0-4a26-8913-4cb0b61c6eb1",
                "x-misp-object--8c660602-2e65-4d92-82c1-9a70525e6c19",
                "relationship--a0059ae9-3479-436b-8de5-d7427751a38f",
                "relationship--72c09189-617a-4577-8baf-ee613b81e376",
                "relationship--15ec5eef-62e0-4e20-b227-fcdbaf919c31",
                "relationship--e7543c21-532b-4b83-ab54-28af2ba05e37",
                "relationship--0323fc3b-3415-4def-9f3f-a293c236914b",
                "relationship--6d8007e4-5e76-4197-b5dc-c3d842a7e4b6",
                "relationship--dd954547-2bac-473d-9aa0-e822d7312d11"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "osint:source-type=\"blog-post\"",
                "misp-galaxy:tool=\"Smoke Loader\"",
                "misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"",
                "misp-galaxy:banker=\"Kronos\"",
                "ms-caro-malware-full:malware-family=\"Banker\"",
                "malware_classification:malware-category=\"Trojan\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--5b597e9e-b88c-4bc1-8f11-af6a950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:20:53.000Z",
            "modified": "2018-07-26T12:20:53.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\"",
                "osint:source-type=\"blog-post\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "The Kronos banking Trojan was first discovered in 2014 and was a steady fixture in the threat landscape for a few years before largely disappearing. Now a new variant has appeared, with at least three distinct campaigns targeting Germany, Japan, and Poland respectively, to date.\r\n\r\nIn April 2018, the first samples of a new variant of the banking Trojan appeared in the wild. The most notable new feature is that the command and control (C&C) mechanism has been refactored to use the Tor anonymizing network. There is some speculation and circumstantial evidence suggesting that this new version of Kronos has been rebranded \u00e2\u20ac\u0153Osiris\u00e2\u20ac\u009d and is being sold on underground markets. In this blog, we present information on the German, Japanese, and Polish campaigns as well as a fourth campaign that looks to be a work in progress and still being tested."
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--5b597ee4-7370-4258-88b5-b098950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:20:46.000Z",
            "modified": "2018-07-26T12:20:46.000Z",
            "first_observed": "2018-07-26T12:20:46Z",
            "last_observed": "2018-07-26T12:20:46Z",
            "number_observed": 1,
            "object_refs": [
                "url--5b597ee4-7370-4258-88b5-b098950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\"",
                "osint:source-type=\"blog-post\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--5b597ee4-7370-4258-88b5-b098950d210f",
            "value": "https://www.proofpoint.com/us/threat-insight/post/kronos-reborn"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c078-03e4-4a71-a48f-4503950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:12.000Z",
            "modified": "2018-07-26T12:37:12.000Z",
            "description": "Mahnung_9415171.doc payload used in German campaign",
            "pattern": "[url:value = 'https://dkb-agbs.com/25062018.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c078-3b9c-4f25-9aeb-4691950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:12.000Z",
            "modified": "2018-07-26T12:37:12.000Z",
            "pattern": "[file:name = 'Mahnung_9415171.doc']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:12Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"filename\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c079-0180-477e-b041-457e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:13.000Z",
            "modified": "2018-07-26T12:37:13.000Z",
            "description": "Kronos C&C used in German campaign",
            "pattern": "[url:value = 'http://jhrppbnh4d674kzh.onion/kpanel/connect.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c079-cd18-4e05-a267-451f950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:13.000Z",
            "modified": "2018-07-26T12:37:13.000Z",
            "description": "Webinject C&C used in the German campaign",
            "pattern": "[url:value = 'https://startupbulawayo.website/d03ohi2e3232/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07a-1d28-454c-94ba-4f0f950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:14.000Z",
            "modified": "2018-07-26T12:37:14.000Z",
            "description": "Contains malicious redirect to RIG EK used in the Japan campaign",
            "pattern": "[url:value = 'http://envirodry.ca']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07a-8cd8-4b86-ad8e-4635950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:14.000Z",
            "modified": "2018-07-26T12:37:14.000Z",
            "description": "RIG EK used in the Japan campaign",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.23.54.158']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07b-bb84-4c15-baa0-4135950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:15.000Z",
            "modified": "2018-07-26T12:37:15.000Z",
            "description": "SmokeLoader C&C used in the Japan campaign",
            "pattern": "[url:value = 'http://lionoi.adygeya.su']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07b-09f8-4fdd-b9f2-41f3950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:15.000Z",
            "modified": "2018-07-26T12:37:15.000Z",
            "description": "SmokeLoader C&C used in the Japan campaign",
            "pattern": "[url:value = 'http://milliaoin.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07c-c7fc-4ea5-9afe-4bd6950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:16.000Z",
            "modified": "2018-07-26T12:37:16.000Z",
            "description": "New version of Kronos download link used in the Japan campaign",
            "pattern": "[url:value = 'http://fritsy83.website/Osiris.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07c-1cc4-453a-8c26-495a950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:16.000Z",
            "modified": "2018-07-26T12:37:16.000Z",
            "description": "New version of Kronos download link used in the Japan campaign",
            "pattern": "[url:value = 'http://oo00mika84.website/Osiris_jmjp_auto2_noinj.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07d-f114-401d-af89-4f4e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:17.000Z",
            "modified": "2018-07-26T12:37:17.000Z",
            "description": "Kronos C&C used in the Japan campaign",
            "pattern": "[url:value = 'http://jmjp2l7yqgaj5xvv.onion/kpanel/connect.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07d-22e0-48c4-8b04-4ec0950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:17.000Z",
            "modified": "2018-07-26T12:37:17.000Z",
            "description": "Webinject C&C used in the Japan campaign",
            "pattern": "[url:value = 'https://kioxixu.abkhazia.su/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:17Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07e-f9f4-4770-b1cc-428e950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:18.000Z",
            "modified": "2018-07-26T12:37:18.000Z",
            "description": "New version of Kronos download link used in the Poland campaign",
            "pattern": "[url:value = 'http://mysit.space/123//v/0jLHzUW']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07e-d050-4843-9c9a-4cba950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:18.000Z",
            "modified": "2018-07-26T12:37:18.000Z",
            "description": "Kronos C&C used in the Poland campaign",
            "pattern": "[url:value = 'http://suzfjfguuis326qw.onion/kpanel/connect.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:18Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07f-d42c-469e-846a-4fa3950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:19.000Z",
            "modified": "2018-07-26T12:37:19.000Z",
            "description": "New version of Kronos download link used in \u00e2\u20ac\u0153Work in progress\u00e2\u20ac\u009d campaign",
            "pattern": "[url:value = 'http://gameboosts.net/app/Player_v1.02.exe']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c07f-732c-4cb6-adb4-4d48950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:37:19.000Z",
            "modified": "2018-07-26T12:37:19.000Z",
            "description": "Kronos C&C used in \u00e2\u20ac\u0153Work in progress\u00e2\u20ac\u009d campaign",
            "pattern": "[url:value = 'http://mysmo35wlwhrkeez.onion/kpanel/connect.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:37:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59bea3-9a30-4e9f-b748-4239950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:29:23.000Z",
            "modified": "2018-07-26T12:29:23.000Z",
            "description": "used in German campaign",
            "pattern": "[file:hashes.SHA256 = 'bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d' AND file:name = 'Mahnung_9415171.doc' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:29:23Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59beb5-0e9c-4f68-85f4-4a77950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:29:41.000Z",
            "modified": "2018-07-26T12:29:41.000Z",
            "description": "New version of Kronos used in German campaign",
            "pattern": "[file:hashes.SHA256 = '4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:29:41Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59bef2-cdf8-40b2-8000-4298950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:30:42.000Z",
            "modified": "2018-07-26T12:30:42.000Z",
            "description": "SmokeLoader used in the Japan campaign",
            "pattern": "[file:hashes.SHA256 = '3cc154a1ea3070d008c9210d31364246889a61b77ed92b733c5bf7f81e774c40' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:30:42Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59bf0c-5950-4f90-9596-43da950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:31:08.000Z",
            "modified": "2018-07-26T12:31:08.000Z",
            "description": "\u00e2\u20ac\u0153Faktura 2018.07.16.doc\u00e2\u20ac\u009d used in the Poland campaign",
            "pattern": "[file:hashes.SHA256 = '045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108' AND file:name = 'Faktura 2018.07.16.doc' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:31:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59bf19-3770-40b1-aa0e-4824950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:31:21.000Z",
            "modified": "2018-07-26T12:31:21.000Z",
            "description": "New version of Kronos used in the Japan campaign",
            "pattern": "[file:hashes.SHA256 = '3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:31:21Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59bf31-2514-482c-9f84-4a20950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:31:45.000Z",
            "modified": "2018-07-26T12:31:45.000Z",
            "description": "New version of Kronos used in the Poland campaign",
            "pattern": "[file:hashes.SHA256 = 'e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:31:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59bf47-4fc4-44cc-b7bc-4967950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:32:07.000Z",
            "modified": "2018-07-26T12:32:07.000Z",
            "description": "New version of Kronos used in \u00e2\u20ac\u0153Work in progress\u00e2\u20ac\u009d campaign",
            "pattern": "[file:hashes.SHA256 = '93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:32:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c3d7-c760-41e4-9afd-40b7950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:51:35.000Z",
            "modified": "2018-07-26T12:51:35.000Z",
            "pattern": "[file:name = 'agb_9415166.doc' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:51:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--5b59c3e9-d500-4e86-9f7f-45f3950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T12:51:53.000Z",
            "modified": "2018-07-26T12:51:53.000Z",
            "pattern": "[file:name = 'Mahnung_9415167.doc' AND file:x_misp_state = 'Malicious']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T12:51:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--716245aa-e298-4be6-a638-f2073e0af588",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:19.000Z",
            "modified": "2018-07-26T13:13:19.000Z",
            "pattern": "[file:hashes.MD5 = '0248465d9edd866d7d8929af1f9685b4' AND file:hashes.SHA1 = '00135cbca3057dced3f9b6305a5645b92ba4cc0f' AND file:hashes.SHA256 = '3cc154a1ea3070d008c9210d31364246889a61b77ed92b733c5bf7f81e774c40']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:19Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--e3d7369a-27c2-41f0-96fc-d35aaa499890",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:18.000Z",
            "modified": "2018-07-26T13:13:18.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T00:33:17",
                    "category": "Other",
                    "uuid": "51255631-b21f-4261-ada2-7ca685b3ed85"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/3cc154a1ea3070d008c9210d31364246889a61b77ed92b733c5bf7f81e774c40/analysis/1532565197/",
                    "category": "External analysis",
                    "uuid": "680b979e-19fc-4a05-b706-c9031fc50a65"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "51/67",
                    "category": "Other",
                    "uuid": "ade9ad59-02f1-438b-87c2-7d19be304bb6"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--a2a94c03-111d-4ec9-a615-dfff35bc1a0d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:22.000Z",
            "modified": "2018-07-26T13:13:22.000Z",
            "pattern": "[file:hashes.MD5 = 'a301ee7f1cdb9b1f71deda6c29bb0a32' AND file:hashes.SHA1 = '8d6bc587e3abfcfd6b4a771c85a8af90f528d2c7' AND file:hashes.SHA256 = '3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:22Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--823ec556-3163-4a3f-b1c2-a15ba60baee8",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:20.000Z",
            "modified": "2018-07-26T13:13:20.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T00:37:33",
                    "category": "Other",
                    "uuid": "f224913c-b4e7-49e3-9834-f4faac6a3c75"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/3eb389ea6d4882b0d4a613dba89a04f4c454448ff7a60a282986bdded6750741/analysis/1532565453/",
                    "category": "External analysis",
                    "uuid": "4fa5dab3-b72e-4426-bea1-fb759d9aa71f"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "48/67",
                    "category": "Other",
                    "uuid": "b5e75892-ebc1-4a65-aa68-601fc9df3dcc"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--fb02d0e7-a2f6-4398-8968-619c6a329054",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:24.000Z",
            "modified": "2018-07-26T13:13:24.000Z",
            "pattern": "[file:hashes.MD5 = 'b2ddd1a228db47234dad1fb164573d82' AND file:hashes.SHA1 = '7fd8631ab719eca44457630014674a95bc431b91' AND file:hashes.SHA256 = 'bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:24Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--5b3ad0ca-d0ae-4326-9bc1-889ddbafc549",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:22.000Z",
            "modified": "2018-07-26T13:13:22.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T01:29:15",
                    "category": "Other",
                    "uuid": "dff34f97-1b1d-491b-865e-64884359e723"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/bb308bf53944e0c7c74695095169363d1323fe9ce6c6117feda2ee429ebf530d/analysis/1532568555/",
                    "category": "External analysis",
                    "uuid": "3d44fe98-1dac-4ea3-b4d9-cd70307f0786"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "35/60",
                    "category": "Other",
                    "uuid": "202c5da7-96a7-42b0-a002-f403095b9dcb"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--e935fea1-ffe1-40eb-ba18-16cc432874f8",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:26.000Z",
            "modified": "2018-07-26T13:13:26.000Z",
            "pattern": "[file:hashes.MD5 = 'd475c84d99c2bf461c294d75769b7707' AND file:hashes.SHA1 = 'aecaf84953641d835e7c754f559fc555169d8aec' AND file:hashes.SHA256 = '045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:26Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--df90c284-e467-445b-a51e-7837ec98db7a",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:25.000Z",
            "modified": "2018-07-26T13:13:25.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T00:38:31",
                    "category": "Other",
                    "uuid": "5678e189-dcf2-4434-8f88-9313120fd768"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/045acd6de0321223ff1f1c579c03ea47a6abd32b11d01874d1723b48525c9108/analysis/1532565511/",
                    "category": "External analysis",
                    "uuid": "b3f70f28-c3cd-41ef-88f6-36ce3cebe80c"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "35/60",
                    "category": "Other",
                    "uuid": "77caf24b-6b28-4ed6-8d35-e773b7793f1d"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--2238785f-23bd-467b-b588-484fba9e78f9",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:29.000Z",
            "modified": "2018-07-26T13:13:29.000Z",
            "pattern": "[file:hashes.MD5 = '5e6764534b3a1e4d3abacc4810b6985d' AND file:hashes.SHA1 = 'f10ad287f126f577f197070453812a7e88c2cc52' AND file:hashes.SHA256 = 'e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:29Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--812d0386-43e0-4813-ac94-b8248cb565d5",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:27.000Z",
            "modified": "2018-07-26T13:13:27.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T09:13:49",
                    "category": "Other",
                    "uuid": "b1d7c0e1-f10b-43cb-ace4-1ce0276e6da5"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/e7d3181ef643d77bb33fe328d1ea58f512b4f27c8e6ed71935a2e7548f2facc0/analysis/1532596429/",
                    "category": "External analysis",
                    "uuid": "63646768-523d-40d4-8ce0-4c25dd4bd7b6"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "46/66",
                    "category": "Other",
                    "uuid": "69d98df9-22d5-4184-bec4-65ab26cb4def"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--dccb7ee7-e104-44bf-8971-0e90e34d244d",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:31.000Z",
            "modified": "2018-07-26T13:13:31.000Z",
            "pattern": "[file:hashes.MD5 = '820d3fb49af10fa714c4bdd5745d865b' AND file:hashes.SHA1 = '49b42b7ed9c3db0b1a4d45e37e4a6bc2b8079ff6' AND file:hashes.SHA256 = '93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:31Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--8b19e923-dfa2-4dab-80ee-5a291ebe7b30",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:30.000Z",
            "modified": "2018-07-26T13:13:30.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T10:11:06",
                    "category": "Other",
                    "uuid": "5fa195bf-7dd4-44d9-afe7-37503dd49378"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/93590cb4e88a5f779c5b062c9ade75f9a5239cd11b3deafb749346620c5e1218/analysis/1532599866/",
                    "category": "External analysis",
                    "uuid": "2f69c414-6dbe-4eed-90b1-2737b06676eb"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "29/67",
                    "category": "Other",
                    "uuid": "702d3ac7-5146-4cc5-a11a-a4341696d973"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--02c92c9e-6ed0-4a26-8913-4cb0b61c6eb1",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:34.000Z",
            "modified": "2018-07-26T13:13:34.000Z",
            "pattern": "[file:hashes.MD5 = '17903c3d83125a5fc3e3f77d8a775bfe' AND file:hashes.SHA1 = '91da487143d931e00e935245e698ea2a582871e4' AND file:hashes.SHA256 = '4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2018-07-26T13:13:34Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "file"
                }
            ],
            "labels": [
                "misp:name=\"file\"",
                "misp:meta-category=\"file\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "x-misp-object",
            "spec_version": "2.1",
            "id": "x-misp-object--8c660602-2e65-4d92-82c1-9a70525e6c19",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2018-07-26T13:13:32.000Z",
            "modified": "2018-07-26T13:13:32.000Z",
            "labels": [
                "misp:name=\"virustotal-report\"",
                "misp:meta-category=\"misc\""
            ],
            "x_misp_attributes": [
                {
                    "type": "datetime",
                    "object_relation": "last-submission",
                    "value": "2018-07-26T07:37:11",
                    "category": "Other",
                    "uuid": "34bd7968-4830-4d15-8875-ddd51c4c740f"
                },
                {
                    "type": "link",
                    "object_relation": "permalink",
                    "value": "https://www.virustotal.com/file/4af17e81e9badf3d03572e808e0a881f6c61969157052903cd68962b9e084177/analysis/1532590631/",
                    "category": "External analysis",
                    "uuid": "fcaa4c90-8b64-40b0-89ec-57b498f2aa8b"
                },
                {
                    "type": "text",
                    "object_relation": "detection-ratio",
                    "value": "41/66",
                    "category": "Other",
                    "uuid": "f3ebb8a4-7d00-49ad-ae82-0d93cb2fd3e9"
                }
            ],
            "x_misp_meta_category": "misc",
            "x_misp_name": "virustotal-report"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--a0059ae9-3479-436b-8de5-d7427751a38f",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--716245aa-e298-4be6-a638-f2073e0af588",
            "target_ref": "x-misp-object--e3d7369a-27c2-41f0-96fc-d35aaa499890"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--72c09189-617a-4577-8baf-ee613b81e376",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--a2a94c03-111d-4ec9-a615-dfff35bc1a0d",
            "target_ref": "x-misp-object--823ec556-3163-4a3f-b1c2-a15ba60baee8"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--15ec5eef-62e0-4e20-b227-fcdbaf919c31",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--fb02d0e7-a2f6-4398-8968-619c6a329054",
            "target_ref": "x-misp-object--5b3ad0ca-d0ae-4326-9bc1-889ddbafc549"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--e7543c21-532b-4b83-ab54-28af2ba05e37",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--e935fea1-ffe1-40eb-ba18-16cc432874f8",
            "target_ref": "x-misp-object--df90c284-e467-445b-a51e-7837ec98db7a"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--0323fc3b-3415-4def-9f3f-a293c236914b",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--2238785f-23bd-467b-b588-484fba9e78f9",
            "target_ref": "x-misp-object--812d0386-43e0-4813-ac94-b8248cb565d5"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--6d8007e4-5e76-4197-b5dc-c3d842a7e4b6",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--dccb7ee7-e104-44bf-8971-0e90e34d244d",
            "target_ref": "x-misp-object--8b19e923-dfa2-4dab-80ee-5a291ebe7b30"
        },
        {
            "type": "relationship",
            "spec_version": "2.1",
            "id": "relationship--dd954547-2bac-473d-9aa0-e822d7312d11",
            "created": "2018-07-26T13:13:33.000Z",
            "modified": "2018-07-26T13:13:33.000Z",
            "relationship_type": "analysed-with",
            "source_ref": "indicator--02c92c9e-6ed0-4a26-8913-4cb0b61c6eb1",
            "target_ref": "x-misp-object--8c660602-2e65-4d92-82c1-9a70525e6c19"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}