misp-circl-feed/feeds/circl/stix-2.1/5aaa8a97-0cac-48bd-877a-41b5950d210f.json


{
"type": "bundle",
"id": "bundle--5aaa8a97-0cac-48bd-877a-41b5950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T20:07:59.000Z",
"modified": "2018-03-20T20:07:59.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5aaa8a97-0cac-48bd-877a-41b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T20:07:59.000Z",
"modified": "2018-03-20T20:07:59.000Z",
"name": "OSINT - Alert (TA18-074A) Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors",
"published": "2018-03-20T20:08:07Z",
"object_refs": [
"observed-data--5aaa8b2c-9870-4e66-8b85-42df950d210f",
"url--5aaa8b2c-9870-4e66-8b85-42df950d210f",
"indicator--5aab8032-4d74-4135-881e-4dd3950d210f",
"indicator--5aab8032-65bc-4a14-bd0d-4706950d210f",
"indicator--5aab8032-2648-489a-b335-4a84950d210f",
"indicator--5aab8033-dce8-4863-a177-44a5950d210f",
"indicator--5aab8033-99c0-44a2-ad2e-4965950d210f",
"indicator--5aab8034-c1e0-406f-914b-4829950d210f",
"indicator--5aab8034-2124-459a-9f15-41e3950d210f",
"indicator--5aab8034-583c-4daf-afdf-4ce4950d210f",
"indicator--5aab8035-5834-4055-9ecd-4604950d210f",
"indicator--5aab8035-0e5c-4488-bdfd-4eed950d210f",
"indicator--5aab8036-1270-45b5-8a8a-4b09950d210f",
"indicator--5aab8036-0898-4514-87cb-4dec950d210f",
"indicator--5aab8036-1c10-4eb6-a9c5-4ed2950d210f",
"observed-data--5aabb437-d698-4ee1-911a-38bc950d210f",
"file--5aabb437-d698-4ee1-911a-38bc950d210f",
"artifact--5aabb437-d698-4ee1-911a-38bc950d210f",
"observed-data--5aaf6851-39f8-4366-8927-4a0a950d210f",
"url--5aaf6851-39f8-4366-8927-4a0a950d210f",
"observed-data--5aaf6851-376c-45b2-a61b-4317950d210f",
"url--5aaf6851-376c-45b2-a61b-4317950d210f",
"observed-data--5aaf6851-027c-4060-a698-46d7950d210f",
"url--5aaf6851-027c-4060-a698-46d7950d210f",
"observed-data--5aaf6851-342c-4497-9963-47dc950d210f",
"url--5aaf6851-342c-4497-9963-47dc950d210f",
"observed-data--5aaf6851-1a5c-4917-b05f-4794950d210f",
"url--5aaf6851-1a5c-4917-b05f-4794950d210f",
"observed-data--5aaf6851-c720-4ff2-968d-4a0d950d210f",
"url--5aaf6851-c720-4ff2-968d-4a0d950d210f",
"observed-data--5aaf6851-71f0-4809-a12d-40ea950d210f",
"url--5aaf6851-71f0-4809-a12d-40ea950d210f",
"observed-data--5aaf6851-1874-46fe-b7dc-45e3950d210f",
"url--5aaf6851-1874-46fe-b7dc-45e3950d210f",
"observed-data--5aaf6851-19b4-4d1d-ac9a-4b86950d210f",
"url--5aaf6851-19b4-4d1d-ac9a-4b86950d210f",
"observed-data--5aaf6851-87d4-41cf-8a05-4918950d210f",
"url--5aaf6851-87d4-41cf-8a05-4918950d210f",
"observed-data--5aaf6851-839c-43aa-ae8b-455e950d210f",
"url--5aaf6851-839c-43aa-ae8b-455e950d210f",
"observed-data--5aaf6851-18a8-4952-80ce-4007950d210f",
"url--5aaf6851-18a8-4952-80ce-4007950d210f",
"observed-data--5aaf6851-5cb4-4aaf-b026-4e97950d210f",
"url--5aaf6851-5cb4-4aaf-b026-4e97950d210f",
"observed-data--5aaf6851-d9c8-469a-b348-42ab950d210f",
"url--5aaf6851-d9c8-469a-b348-42ab950d210f",
"indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f",
"indicator--5aaf982c-1118-489e-b7ff-4f4d950d210f",
"indicator--5aaf9cab-e298-487c-9dda-4755950d210f",
"indicator--5aaf9cab-f820-4bf0-bbb6-4b9c950d210f",
"indicator--5aaf9cac-325c-458d-bb6b-47de950d210f",
"indicator--5aaf9cd4-e97c-4b38-8307-467b950d210f",
"indicator--5aaf9cd5-4b70-40d6-bf68-4d34950d210f",
"indicator--5aaf9cd5-e9c8-420a-9778-4268950d210f",
"observed-data--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"file--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"artifact--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"indicator--5aafa25c-ed90-4c3b-b416-440d950d210f",
"indicator--5aafa25c-30fc-40eb-948c-4f24950d210f",
"indicator--5aafa25d-ae18-45ba-ad07-49cc950d210f",
"indicator--5aafa25d-5abc-4c94-91df-45dd950d210f",
"indicator--5aafa25e-ad70-436d-8a73-4bc1950d210f",
"indicator--5aafa25e-fd58-4bc0-b276-471b950d210f",
"indicator--5aafa25f-e520-4a9c-a67c-43e3950d210f",
"indicator--5aafa25f-c14c-47e8-b2d0-443f950d210f",
"indicator--5aafa25f-5158-45ad-968a-4ba1950d210f",
"indicator--5aafa260-a274-4dfd-8438-47bb950d210f",
"indicator--5aafb4a2-c004-4745-81c5-4a39950d210f",
"indicator--5aafb4a3-d350-4081-b38e-44ee950d210f",
"indicator--5aafb4a3-adf0-464b-824a-4414950d210f",
"indicator--5aafb4a4-9098-4ae9-ac4e-4faf950d210f",
"indicator--5aafcf32-a0d0-472c-ad6d-47d6950d210f",
"indicator--5aafcf32-0a20-4249-a2ed-42ac950d210f",
"indicator--5aafcf33-d740-4658-9a3a-4593950d210f",
"indicator--5aafcf33-5330-452f-89ce-4fa3950d210f",
"indicator--5aafcf33-13b0-4998-9fd7-4bcd950d210f",
"indicator--5aafcf34-5978-47ac-99e3-48ca950d210f",
"indicator--5aafcf49-00b4-494e-991b-4089950d210f",
"indicator--5ab0b986-831c-4e6a-b8eb-4034950d210f",
"indicator--5ab0b9a7-7e68-4a8b-8381-4d90950d210f",
"indicator--5ab0b9bd-c70c-4f9b-892c-4455950d210f",
"indicator--5ab0b9d5-57e8-46be-a71b-4f02950d210f",
"indicator--5ab0b9e6-07f8-4b37-82dd-4ff1950d210f",
"indicator--5ab0bb05-aeb8-4762-a58b-42a7950d210f",
"observed-data--5ab0bd04-6bd0-4e34-9a8b-40b0950d210f",
"windows-registry-key--5ab0bd04-6bd0-4e34-9a8b-40b0950d210f",
"observed-data--5ab0bd04-aa44-47e9-807e-4899950d210f",
"windows-registry-key--5ab0bd04-aa44-47e9-807e-4899950d210f",
"observed-data--5ab0bd05-daf0-4b0f-b50a-4ce2950d210f",
"windows-registry-key--5ab0bd05-daf0-4b0f-b50a-4ce2950d210f",
"observed-data--5ab0bd05-d250-4e32-8805-4fbd950d210f",
"windows-registry-key--5ab0bd05-d250-4e32-8805-4fbd950d210f",
"observed-data--5ab0bd06-0ac0-4069-9545-4f16950d210f",
"windows-registry-key--5ab0bd06-0ac0-4069-9545-4f16950d210f",
"observed-data--5ab0bd06-a30c-46f0-9311-4ec2950d210f",
"windows-registry-key--5ab0bd06-a30c-46f0-9311-4ec2950d210f",
"observed-data--5ab0bd06-b0c8-4bfb-8db2-4b0d950d210f",
"windows-registry-key--5ab0bd06-b0c8-4bfb-8db2-4b0d950d210f",
"observed-data--5ab0bd07-7ffc-4f86-b728-462e950d210f",
"windows-registry-key--5ab0bd07-7ffc-4f86-b728-462e950d210f",
"observed-data--5ab0be76-d008-415c-b8b4-45b7950d210f",
"windows-registry-key--5ab0be76-d008-415c-b8b4-45b7950d210f",
"indicator--5ab0c9fd-d968-4d33-95f2-48c6950d210f",
"indicator--5ab0c9fe-b52c-447c-89db-4450950d210f",
"indicator--5ab0c9fe-0458-4fa9-a611-4deb950d210f",
"indicator--5ab0c9fe-51c0-4a4a-8d15-420b950d210f",
"indicator--5ab0c9ff-2d9c-484f-ab37-486a950d210f",
"indicator--5ab0c9ff-5138-4e91-80db-40e2950d210f",
"indicator--5ab0c9ff-0e68-4bb8-93fe-42fb950d210f",
"indicator--5ab0ca00-4fe4-4625-8105-45a4950d210f",
"indicator--5ab0ca00-9b98-4190-b87c-4e7b950d210f",
"indicator--5ab0ca6e-ecb0-4544-8ce9-4e11950d210f",
"indicator--5ab0ca6e-b890-4400-a29c-4f52950d210f",
"indicator--5aab7c2b-3394-4760-97a3-4343950d210f",
"indicator--5aab7c75-a4b8-4062-ba32-47ea950d210f",
"indicator--5aab7cc4-3de4-4beb-937b-460e950d210f",
"indicator--5aab7d70-a138-4131-9843-466d950d210f",
"indicator--5aab7e3e-425c-4c16-850e-4251950d210f",
"indicator--5aab7e5b-5de0-4266-90c3-4131950d210f",
"indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"indicator--5aab7efd-30a0-467e-b13e-448f950d210f",
"indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"indicator--5aab7f33-5c08-4572-9b7e-4961950d210f",
"indicator--b9b261fe-ac0d-4eaa-bc84-91ee824ca271",
"x-misp-object--52fdb810-ffc9-4914-a550-f04c633a6914",
"indicator--d603127a-dca4-4067-9982-fbf3c37e55b2",
"x-misp-object--7970257f-14eb-43dc-bd7f-5cab16a9baf3",
"indicator--bf47e63b-3eb3-4434-ae79-81368e8f4084",
"x-misp-object--9ff8d207-0de1-4965-836f-b1226b92c8f6",
"indicator--5aaf6f7d-5698-489d-9b33-4c5c950d210f",
"indicator--5aaf6fb7-2d4c-48f6-a5a6-4936950d210f",
"indicator--5aaf6fc9-3500-45cd-8315-42e1950d210f",
"indicator--5aaf6fdc-d6d0-4c8d-aec4-485d950d210f",
"indicator--5aaf6ff0-8384-42d9-a402-4107950d210f",
"indicator--5aaf7025-6398-4599-869d-4abb950d210f",
"indicator--5aaf7035-27fc-4569-ba36-4e69950d210f",
"indicator--5aaf7051-9700-436b-8bec-4598950d210f",
"indicator--5aaf9a4a-3250-4b88-bbe1-4834950d210f",
"indicator--5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"indicator--5aafbc42-27c4-4a0f-bf40-4f01950d210f",
"indicator--5aafc6e9-77f8-4860-bb6b-430e950d210f",
"indicator--5aafc7a7-dc20-4498-a53b-4202950d210f",
"indicator--5aafcfda-50d0-446b-8591-4212950d210f",
"indicator--5aafd016-ae84-45c4-b14f-43a6950d210f",
"indicator--5aafd060-eb10-4e15-84cf-40ca950d210f",
"indicator--5aafd146-b384-4965-9fd3-46a9950d210f",
"indicator--5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"indicator--5aafd4cf-7630-4d4b-ba7e-474b950d210f",
"indicator--5aafd4e4-32ec-4efd-8e1c-4f87950d210f",
"indicator--5aafd4f9-e618-456b-b1b2-495d950d210f",
"indicator--5aafd80c-ddd8-4fb3-ab18-4df7950d210f",
"indicator--5aafd820-7680-4d33-b9b3-49a2950d210f",
"indicator--5aafd832-89d8-4f6d-9075-4b79950d210f",
"indicator--5aafd853-4398-4544-bb59-47d7950d210f",
"indicator--5aafd892-9f98-41a5-b34d-4ba3950d210f",
"indicator--5aafd8ad-f9b0-4f8c-b332-4ce3950d210f",
"indicator--5aafd8be-76e4-4c72-b99b-400f950d210f",
"x-misp-object--68aa5eb6-0404-4285-b4b9-3f6bd1ac804c",
"indicator--ee89f074-993e-4d98-ab7e-bf03843107c1",
"x-misp-object--60e4dfd5-2356-436c-b272-ed04a971d8a9",
"indicator--f813c138-e77b-46f1-96dd-e7379a6aeb0a",
"x-misp-object--d80c3aaa-a450-4349-9cc8-59ff3e6e8334",
"x-misp-object--a5cf7d41-3fd8-4f9e-8efa-17f99229ab80",
"x-misp-object--db67a0ca-ab6e-4d10-ba16-96b2c18ef120",
"x-misp-object--c90cf7a2-c522-4055-a791-65fe451876bc",
"x-misp-object--a8098016-54d1-4580-9c9c-0f774f7e5e71",
"x-misp-object--4e6ace53-c11b-490e-85cd-9b18d139fd3b",
"x-misp-object--174f8d3f-dc51-4988-bcf3-ca5b2afea2b9",
"x-misp-object--a466a89c-d8ef-4782-8897-f0b39085bf55",
"indicator--5ab0b706-4d88-4569-94fb-4661950d210f",
"indicator--5ab0b73f-8870-4960-8a24-46ec950d210f",
"indicator--5ab0b750-2024-42d7-b8dc-4058950d210f",
"indicator--5ab0b762-6fec-47d5-85a8-44c2950d210f",
"indicator--5ab0b77e-2250-48df-a9a7-48e3950d210f",
"indicator--5ab0b78e-6180-4143-bcfa-422a950d210f",
"indicator--5ab0b7ae-8d44-48c7-908f-409c950d210f",
"indicator--5ab0b7c6-0ecc-4b84-aacf-44a2950d210f",
"indicator--5ab0b7d7-7530-4c12-9360-4d17950d210f",
"indicator--5ab0b7e9-12cc-49c0-8673-4e90950d210f",
"indicator--5ab0b7fb-c138-4d71-914f-4317950d210f",
"indicator--5ab0b80c-f79c-4c30-a9d9-4e52950d210f",
"indicator--5ab0b819-f650-498e-8a51-46d8950d210f",
"indicator--5ab0b8a0-36e0-4917-a97c-4fc2950d210f",
"indicator--5ab0b8b1-9700-4b9d-9c32-453d950d210f",
"indicator--5ab0b8c4-8ed0-450a-946a-4ed6950d210f",
"indicator--5ab0b8d7-c5e4-4619-98b1-4440950d210f",
"indicator--5ab0b8e6-7054-49c9-8240-4c8d950d210f",
"indicator--5ab0b8f8-4c70-4a36-8577-46a9950d210f",
"indicator--5ab0b908-ba78-4823-8e63-460d950d210f",
"indicator--5ab0b917-4c34-4939-99f3-44a3950d210f",
"indicator--5ab0b927-621c-4f5d-a42c-4751950d210f",
"indicator--5ab0b938-b34c-4237-845e-4521950d210f",
"indicator--5ab0c6cb-e050-4cff-be31-4b78950d210f",
"indicator--817e8e7e-d4e7-4d2b-8f02-03c20544d73a",
"x-misp-object--f11d0914-a6a8-43e8-b34b-e9b56d9ccda5",
"indicator--ed4e8187-7d82-43a5-ae76-c7457f3a3858",
"x-misp-object--2a950e9f-1c9e-4125-bf95-c935bf9096b6",
"indicator--91368a58-21e1-420a-9d26-97e0385d5748",
"x-misp-object--62b12042-f234-4857-9d1b-721399c22094",
"indicator--dc3dc085-889d-438e-b1a2-d37315215674",
"x-misp-object--7716d649-a1a1-46f5-b491-ed742857eb80",
"indicator--15fc0f64-5c84-4c0c-972e-d7cfbc940bb5",
"x-misp-object--2a28b918-0b88-4f5f-9084-202f5324905b",
"indicator--36581bf5-7984-4225-9f75-b9ae6c3a895d",
"x-misp-object--78564b68-ca38-4f83-8610-0780016cc9c6",
"indicator--26df7c7f-c892-4128-a50f-3dfacc30e475",
"x-misp-object--c526bab4-b450-4b9b-a857-d625ca2b9df4",
"indicator--e96ec051-cdad-45ba-b7ed-278e1fbf1c0d",
"x-misp-object--9ae0d6cc-6be6-4cf7-ae00-bf9836bc7347",
"indicator--eb510916-5440-457d-8b5a-2e67dbd8f5c8",
"x-misp-object--b3c5a480-22df-4ca6-a89d-67ab89e1ef8e",
"indicator--769ce047-ff32-42fa-aca3-aa3f3cd47615",
"x-misp-object--38489708-7681-4bf1-b940-d0497914665d",
"x-misp-object--a377dd67-a104-4cf0-a517-c6a7aa915ec7",
"x-misp-object--fa75388a-9fbe-4682-82db-1a02068aac41",
"x-misp-object--da511a48-fb7c-48e9-af7b-87959d26df32",
"x-misp-object--43871de9-0fbb-4042-979d-c05a03f7591b",
"x-misp-object--e5412ec5-9117-48af-ad6a-302b656170d5",
"x-misp-object--eed7ce27-e8b2-4d01-bf3b-8540ba85e2c6",
"x-misp-object--cced1e71-a4a2-4b3f-9dba-4e0d6f790640",
"x-misp-object--31025798-921f-4e1f-94ad-160e77001592",
"x-misp-object--c4f3b65c-59cf-439d-845e-e1e147898568",
"x-misp-object--dbf7cd6d-1439-4c5c-990a-cd5af23dea49",
"x-misp-object--5aab8a40-e18c-4560-ac9b-4e12950d210f",
"x-misp-object--5aab8b85-d4b4-4c9a-a26f-4bfd950d210f",
"x-misp-object--5aab8bf6-1b00-4a4e-98fc-0bd1950d210f",
"x-misp-object--5aab8c8a-e97c-4431-af73-4776950d210f",
"x-misp-object--5aab91aa-635c-4a4f-872f-4190950d210f",
"x-misp-object--5aab91de-98e8-400c-a319-4045950d210f",
"x-misp-object--5aab9268-8cb4-4684-9bcd-44e4950d210f",
"x-misp-object--5aab92c6-8684-42c3-8984-411c950d210f",
"x-misp-object--5aab92f3-a7f8-4912-a0ce-4c01950d210f",
"x-misp-object--5aab9379-a5d0-4403-8e3c-4ec0950d210f",
"x-misp-object--5aabe1e5-11e8-44c8-a00f-6dc8950d210f",
"x-misp-object--5aabe215-add8-476f-86ee-c0c7950d210f",
"x-misp-object--5aabe27a-e1ac-45f6-bf89-edc1950d210f",
"x-misp-object--5aabe29d-7114-4661-8dc7-eda9950d210f",
"x-misp-object--5aabe2be-9a78-4ad8-ae9c-38bc950d210f",
"relationship--3320cc47-a8d0-4efb-b3d2-4cb6c5247617",
"relationship--aecfff8f-9a11-4712-ae00-bda086f7452e",
"relationship--3717b79c-5889-4104-b6cd-860b916429ee",
"relationship--544d5b69-e045-4b8c-bc39-9f2c58a0c2ea",
"relationship--a0fb44e7-057e-4f81-b4d2-7e760104d80e",
"relationship--bbdfe547-c244-4915-b8b3-7c91b3afceb5",
"relationship--8e7d0d52-1924-4f25-9adf-ad1be0f556b9",
"relationship--9affc325-d70f-4a5b-825f-9a56a1268b8c",
"relationship--b82f1947-8904-479b-9ae0-dc7e08bbb5f8",
"relationship--e6f47723-24ca-4cc1-9719-3084115f4d96",
"relationship--3ed63f32-6db7-407e-aaac-b5e5a5a10d35",
"relationship--f70562b1-778a-4f2f-8d32-dd65cbb65b40",
"relationship--f77cbb8b-8bb7-4f9b-9b8f-faf0fa817dc9",
"relationship--572952c0-b963-4328-98a4-62aa6bf9ca38",
"relationship--b8d56d1c-35fd-4441-aa4f-073f3b6b3d1b",
"relationship--bd16590e-5e24-4bc8-9cff-e1a161e2b8d1",
"relationship--73176cdb-9ab5-456c-9807-71a7ecfb9679",
"relationship--f6aae0cb-e0b9-4713-8c5d-86f4d718dd8f",
"relationship--05d33806-6ec7-4c6d-b331-d971af093c78",
"relationship--2be40a15-dd63-4118-9298-f4e85392d5e2",
"relationship--62a34b7c-1ea8-4063-bde1-ae9ab7f117f3",
"relationship--63e580c9-140f-4e02-b7dc-4c57818df84a",
"relationship--fac0a7bf-bf78-4685-8b61-7e1ff9a01815",
"relationship--027e9e08-27b7-4480-bfca-91165650d1fa",
"relationship--80792e3d-ed41-49ee-afea-7e2b9ff68703",
"relationship--fcab7f7e-6dd0-4d17-bd19-ed78fb48cf05",
"relationship--eacf6f5f-f002-483d-9ce9-a0299a0d2aa3",
"relationship--2ec97fb3-5ea3-48d5-9053-6a290d55de91",
"relationship--8e8cfc5f-d0ee-45a3-9765-823e92a75995",
"relationship--4584a40b-3342-407a-96e1-942fcf493919",
"relationship--d1560ed9-6eee-428c-b020-fd0cb7d2a56c",
"relationship--aa40b1e8-d9d7-4fbb-ba93-b92fc071d8d2",
"relationship--a7c508f9-8a4e-448c-b76a-a35ca966f186",
"relationship--797d5d14-21f8-45bc-9fd8-598819f71da9",
"relationship--440cbee9-12c3-4e9d-a708-acd49740dd04",
"relationship--193fc0f5-3030-499e-b8d6-46832254c253",
"relationship--0ecaa41d-26d4-4927-a932-17e3140217e4",
"relationship--f770f880-28c0-4e4d-9dc9-2f7bcf36311f",
"relationship--2e21006c-5f14-4b2b-9fe7-ec98258616f2",
"relationship--36aedde6-660f-4319-affa-69f3f93c19fe",
"relationship--c9d0fb17-1102-4f2b-9dc1-2b3709d29714",
"relationship--91ce199e-bb3f-4ee7-ad47-1f8cc8384745",
"relationship--fb3cbb87-5270-4b65-81a0-2425a7a2598e",
"relationship--6d5fce30-b01b-4486-8ea9-797150145319",
"relationship--b5d7e92c-2abd-4f12-aa8d-4d4a95688429",
"relationship--3c2e75c4-ff8e-4827-94b5-8a651047c620",
"relationship--7779d01b-8db6-4c8d-9c08-757a56dea184",
"relationship--1afb1681-1f93-448f-915d-e35225e957b8",
"relationship--40cc07ab-4647-44a8-8be7-ef01cbed307d",
"relationship--983707d2-1d24-46e0-a206-9a8265196a88",
"relationship--786826dc-d4a1-4dd3-af05-95d721d2febc",
"relationship--b4a2e6e6-e3e7-4da9-a8be-e2cddb7929d0",
"relationship--5e62ee25-c319-4a02-9392-ba874da07e3c",
"relationship--53936b4a-c0b3-409f-9208-543c015b52ac",
"relationship--0a2e9b63-13eb-4098-af3a-63e997c8d3b4",
"relationship--f7d300fa-7865-4303-8978-3afa5cd9c1be",
"relationship--f8120248-4093-4f17-b467-cb8eda5c6bee",
"relationship--81d70ae3-e4b3-477e-bef0-cee43fa2c984",
"relationship--d10a9a66-31c3-4221-bcf1-cb7b3fce0157",
"relationship--3e036413-f8d9-4b1f-b92f-50ccd9a9da33",
"relationship--9afa0b3b-cb8a-4410-ab42-72089b5258dd",
"relationship--6f2b5833-3ab6-459e-925a-26030b41eb23",
"relationship--0fae3d0a-77cf-4737-bb58-c5f1e4acc739",
"relationship--ab9e96f6-b20e-46a7-aad3-f18ed945e299",
"relationship--4e110927-1c13-4906-80ba-c7471eaad1da",
"relationship--a1ae2d46-3f2d-45a7-a94d-5a85ba6f4ebe",
"relationship--94dbdfcd-dea9-4031-b9ee-f8230c47114c",
"relationship--c9f77d08-1b3b-4b16-9545-118414234485",
"relationship--bbc75a36-1796-4670-8694-c95042eb9ac9",
"relationship--ba119a89-50c0-4eca-b1fe-ded72cd4b4e2",
"relationship--dca951c4-9306-4ca3-ad13-f1fae9a6cf9b",
"relationship--7bf09607-898b-4746-b1bd-c8d218d21e62",
"relationship--f374b129-f5c7-4c9b-8170-96e0c36b7775",
"relationship--402296f7-41ed-43bc-a4ab-4f6530490ab2",
"relationship--6e46da2d-42a5-4ce3-9bca-92515d206bd3",
"relationship--eb2c2d08-60bb-4037-87a7-97608d8ebc2d",
"relationship--fab2732c-116f-4455-bd0e-2ec17b5a88c9",
"relationship--8208cc5c-d913-4e9d-8bf5-94ba85f71a67",
"relationship--6339191e-1779-4486-ae19-0f72f3d36ee3",
"relationship--bbcc595a-e548-41d3-b89f-e0f1fbdab8fa",
"relationship--e7fe9af0-88bd-4ba6-af6f-922b46f74687",
"relationship--4c2f41b4-ff6b-41fd-9d42-a38af937e5f9",
"relationship--fa74ffd3-1ee0-4968-b9a6-2f545fc97108",
"relationship--465b2a67-44a8-4f06-b7b5-4e6e143f86ca",
"relationship--c10437db-cf95-4684-8250-362689e9f3a8"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"technical-report\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaa8b2c-9870-4e66-8b85-42df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:51.000Z",
"modified": "2018-03-20T18:49:51.000Z",
"first_observed": "2018-03-20T18:49:51Z",
"last_observed": "2018-03-20T18:49:51Z",
"number_observed": 1,
"object_refs": [
"url--5aaa8b2c-9870-4e66-8b85-42df950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaa8b2c-9870-4e66-8b85-42df950d210f",
"value": "https://www.us-cert.gov/ncas/alerts/TA18-074A"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8032-4d74-4135-881e-4dd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:51.000Z",
"modified": "2018-03-20T18:49:51.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.130.251.249']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8032-65bc-4a14-bd0d-4706950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:52.000Z",
"modified": "2018-03-20T18:49:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.154.150.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8032-2648-489a-b335-4a84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:52.000Z",
"modified": "2018-03-20T18:49:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.229.10.193']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8033-dce8-4863-a177-44a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:53.000Z",
"modified": "2018-03-20T18:49:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.78.157.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8033-99c0-44a2-ad2e-4965950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:53.000Z",
"modified": "2018-03-20T18:49:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.53.11.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8034-c1e0-406f-914b-4829950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:54.000Z",
"modified": "2018-03-20T18:49:54.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.222.188.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8034-2124-459a-9f15-41e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:54.000Z",
"modified": "2018-03-20T18:49:54.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '130.25.10.158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8034-583c-4daf-afdf-4ce4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:55.000Z",
"modified": "2018-03-20T18:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.205.61.221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8035-5834-4055-9ecd-4604950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:55.000Z",
"modified": "2018-03-20T18:49:55.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.150.143.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8035-0e5c-4488-bdfd-4eed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:56.000Z",
"modified": "2018-03-20T18:49:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.213.49.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8036-1270-45b5-8a8a-4b09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:56.000Z",
"modified": "2018-03-20T18:49:56.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.87.199.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8036-0898-4514-87cb-4dec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:57.000Z",
"modified": "2018-03-20T18:49:57.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.44.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab8036-1c10-4eb6-a9c5-4ed2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:57.000Z",
"modified": "2018-03-20T18:49:57.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.153.58.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aabb437-d698-4ee1-911a-38bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:58.000Z",
"modified": "2018-03-20T18:49:58.000Z",
"first_observed": "2018-03-20T18:49:58Z",
"last_observed": "2018-03-20T18:49:58Z",
"number_observed": 1,
"object_refs": [
"file--5aabb437-d698-4ee1-911a-38bc950d210f",
"artifact--5aabb437-d698-4ee1-911a-38bc950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5aabb437-d698-4ee1-911a-38bc950d210f",
"name": "Svcsrv.bat_screenshot.png",
"content_ref": "artifact--5aabb437-d698-4ee1-911a-38bc950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5aabb437-d698-4ee1-911a-38bc950d210f",
"payload_bin": "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
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-39f8-4366-8927-4a0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:58.000Z",
"modified": "2018-03-20T18:49:58.000Z",
"first_observed": "2018-03-20T18:49:58Z",
"last_observed": "2018-03-20T18:49:58Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-39f8-4366-8927-4a0a950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-39f8-4366-8927-4a0a950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/TA18-074A_WHITE.csv"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-376c-45b2-a61b-4317950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:59.000Z",
"modified": "2018-03-20T18:49:59.000Z",
"first_observed": "2018-03-20T18:49:59Z",
"last_observed": "2018-03-20T18:49:59Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-376c-45b2-a61b-4317950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-376c-45b2-a61b-4317950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/TA18-074A_WHITE_STIX.xml"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-027c-4060-a698-46d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:49:59.000Z",
"modified": "2018-03-20T18:49:59.000Z",
"first_observed": "2018-03-20T18:49:59Z",
"last_observed": "2018-03-20T18:49:59Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-027c-4060-a698-46d7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-027c-4060-a698-46d7950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10127623_TLP_WHITE.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-342c-4497-9963-47dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:00.000Z",
"modified": "2018-03-20T18:50:00.000Z",
"first_observed": "2018-03-20T18:50:00Z",
"last_observed": "2018-03-20T18:50:00Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-342c-4497-9963-47dc950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-342c-4497-9963-47dc950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10127623_TLP_WHITE_stix.xml"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-1a5c-4917-b05f-4794950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:00.000Z",
"modified": "2018-03-20T18:50:00.000Z",
"first_observed": "2018-03-20T18:50:00Z",
"last_observed": "2018-03-20T18:50:00Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-1a5c-4917-b05f-4794950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-1a5c-4917-b05f-4794950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128327_TLP_WHITE.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-c720-4ff2-968d-4a0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:01.000Z",
"modified": "2018-03-20T18:50:01.000Z",
"first_observed": "2018-03-20T18:50:01Z",
"last_observed": "2018-03-20T18:50:01Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-c720-4ff2-968d-4a0d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-c720-4ff2-968d-4a0d950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128327_TLP_WHITE_stix.xml"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-71f0-4809-a12d-40ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:01.000Z",
"modified": "2018-03-20T18:50:01.000Z",
"first_observed": "2018-03-20T18:50:01Z",
"last_observed": "2018-03-20T18:50:01Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-71f0-4809-a12d-40ea950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-71f0-4809-a12d-40ea950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128336_TLP_WHITE.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-1874-46fe-b7dc-45e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:03.000Z",
"modified": "2018-03-20T18:50:03.000Z",
"first_observed": "2018-03-20T18:50:03Z",
"last_observed": "2018-03-20T18:50:03Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-1874-46fe-b7dc-45e3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-1874-46fe-b7dc-45e3950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128336_TLP_WHITE_stix.xml"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-19b4-4d1d-ac9a-4b86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:03.000Z",
"modified": "2018-03-20T18:50:03.000Z",
"first_observed": "2018-03-20T18:50:03Z",
"last_observed": "2018-03-20T18:50:03Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-19b4-4d1d-ac9a-4b86950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-19b4-4d1d-ac9a-4b86950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128830_TLP_WHITE.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-87d4-41cf-8a05-4918950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:04.000Z",
"modified": "2018-03-20T18:50:04.000Z",
"first_observed": "2018-03-20T18:50:04Z",
"last_observed": "2018-03-20T18:50:04Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-87d4-41cf-8a05-4918950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-87d4-41cf-8a05-4918950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128830_TLP_WHITE_stix.xml"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-839c-43aa-ae8b-455e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:04.000Z",
"modified": "2018-03-20T18:50:04.000Z",
"first_observed": "2018-03-20T18:50:04Z",
"last_observed": "2018-03-20T18:50:04Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-839c-43aa-ae8b-455e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-839c-43aa-ae8b-455e950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128883_TLP_WHITE.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-18a8-4952-80ce-4007950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:05.000Z",
"modified": "2018-03-20T18:50:05.000Z",
"first_observed": "2018-03-20T18:50:05Z",
"last_observed": "2018-03-20T18:50:05Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-18a8-4952-80ce-4007950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-18a8-4952-80ce-4007950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10128883_TLP_WHITE_stix.xml"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-5cb4-4aaf-b026-4e97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:05.000Z",
"modified": "2018-03-20T18:50:05.000Z",
"first_observed": "2018-03-20T18:50:05Z",
"last_observed": "2018-03-20T18:50:05Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-5cb4-4aaf-b026-4e97950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-5cb4-4aaf-b026-4e97950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10135300_TLP_WHITE.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf6851-d9c8-469a-b348-42ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:06.000Z",
"modified": "2018-03-20T18:50:06.000Z",
"first_observed": "2018-03-20T18:50:06Z",
"last_observed": "2018-03-20T18:50:06Z",
"number_observed": 1,
"object_refs": [
"url--5aaf6851-d9c8-469a-b348-42ab950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"technical-report\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aaf6851-d9c8-469a-b348-42ab950d210f",
"value": "https://www.us-cert.gov/sites/default/files/publications/MIFR-10135300_TLP_WHITE_stix.xml"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:06.000Z",
"modified": "2018-03-20T18:50:06.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.8.193.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf982c-1118-489e-b7ff-4f4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:07.000Z",
"modified": "2018-03-20T18:50:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.183.104.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9cab-e298-487c-9dda-4755950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:07.000Z",
"modified": "2018-03-20T18:50:07.000Z",
"pattern": "[domain-name:value = 'bit.ly']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9cab-f820-4bf0-bbb6-4b9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:08.000Z",
"modified": "2018-03-20T18:50:08.000Z",
"pattern": "[domain-name:value = 'tinyurl.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9cac-325c-458d-bb6b-47de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:08.000Z",
"modified": "2018-03-20T18:50:08.000Z",
"pattern": "[domain-name:value = 'imageliners.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9cd4-e97c-4b38-8307-467b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:09.000Z",
"modified": "2018-03-20T18:50:09.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.199.248.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9cd5-4b70-40d6-bf68-4d34950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:09.000Z",
"modified": "2018-03-20T18:50:09.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.20.219.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9cd5-e9c8-420a-9778-4268950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:10.000Z",
"modified": "2018-03-20T18:50:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.81.76.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:10.000Z",
"modified": "2018-03-20T18:50:10.000Z",
"first_observed": "2018-03-20T18:50:10Z",
"last_observed": "2018-03-20T18:50:10Z",
"number_observed": 1,
"object_refs": [
"file--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"artifact--5aaf9ddc-77ec-45d3-a654-4526950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"name": "document.png",
"content_ref": "artifact--5aaf9ddc-77ec-45d3-a654-4526950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5aaf9ddc-77ec-45d3-a654-4526950d210f",
"payload_bin": "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
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25c-ed90-4c3b-b416-440d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:11.000Z",
"modified": "2018-03-20T18:50:11.000Z",
"pattern": "[url:value = 'bit.ly/2m0x8IH']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25c-30fc-40eb-948c-4f24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:11.000Z",
"modified": "2018-03-20T18:50:11.000Z",
"pattern": "[url:value = 'tinyurl.com/h3sdqck']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25d-ae18-45ba-ad07-49cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:12.000Z",
"modified": "2018-03-20T18:50:12.000Z",
"pattern": "[url:value = 'www.imageliners.com/nitel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25d-5abc-4c94-91df-45dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:12.000Z",
"modified": "2018-03-20T18:50:12.000Z",
"pattern": "[url:value = 'file://184.154.150.66/ame_icon.png']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25e-ad70-436d-8a73-4bc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:13.000Z",
"modified": "2018-03-20T18:50:13.000Z",
"pattern": "[url:value = 'https://167.114.44.147/A56WY']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25e-fd58-4bc0-b276-471b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:13.000Z",
"modified": "2018-03-20T18:50:13.000Z",
"pattern": "[url:value = 'http://187.130.251.249/img/bson021.dat?0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25f-e520-4a9c-a67c-43e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:14.000Z",
"modified": "2018-03-20T18:50:14.000Z",
"pattern": "[url:value = 'http://www.oilandgaseng.com/fileadmin/templates/Redesign_2013_V2/js/loginbox_og.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25f-c14c-47e8-b2d0-443f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:14.000Z",
"modified": "2018-03-20T18:50:14.000Z",
"pattern": "[url:value = 'http://www.plantengineering.com/typo3conf/ext/t3s_jslidernews/res/js/jquery.easing.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa25f-5158-45ad-968a-4ba1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:15.000Z",
"modified": "2018-03-20T18:50:15.000Z",
"pattern": "[url:value = 'http://www.controleng.com/typo3conf/ext/t3s_jslidernews/res/js/jquery.easing.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafa260-a274-4dfd-8438-47bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:16.000Z",
"modified": "2018-03-20T18:50:16.000Z",
"pattern": "[url:value = 'http://www.csemag.com/typo3conf/ext/t3s_jslidernews/res/js/jquery.easing.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafb4a2-c004-4745-81c5-4a39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:16.000Z",
"modified": "2018-03-20T18:50:16.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.126.116.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafb4a3-d350-4081-b38e-44ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:17.000Z",
"modified": "2018-03-20T18:50:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.113.4.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafb4a3-adf0-464b-824a-4414950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:17.000Z",
"modified": "2018-03-20T18:50:17.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.210.156.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafb4a4-9098-4ae9-ac4e-4faf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:18.000Z",
"modified": "2018-03-20T18:50:18.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.80.163.14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf32-a0d0-472c-ad6d-47d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:22.000Z",
"modified": "2018-03-19T21:10:22.000Z",
"pattern": "[file:name = 'corp_rules(2016).docx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T21:10:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf32-0a20-4249-a2ed-42ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:23.000Z",
"modified": "2018-03-19T21:10:23.000Z",
"pattern": "[file:name = 'invite.docx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T21:10:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf33-d740-4658-9a3a-4593950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:18.000Z",
"modified": "2018-03-20T18:50:18.000Z",
"pattern": "[file:name = 'd.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf33-5330-452f-89ce-4fa3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:19.000Z",
"modified": "2018-03-20T18:50:19.000Z",
"pattern": "[file:name = 'httpconf.aspx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf33-13b0-4998-9fd7-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:19.000Z",
"modified": "2018-03-20T18:50:19.000Z",
"pattern": "[file:name = 'Chromex64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf34-5978-47ac-99e3-48ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:19.000Z",
"modified": "2018-03-20T18:50:19.000Z",
"pattern": "[file:name = 'header.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcf49-00b4-494e-991b-4089950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:20.000Z",
"modified": "2018-03-20T18:50:20.000Z",
"pattern": "[file:name = 'zervit32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b986-831c-4e6a-b8eb-4034950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:20.000Z",
"modified": "2018-03-20T18:50:20.000Z",
"pattern": "[rule APT_malware_1\r\n\r\n{\r\n\r\nmeta:\r\n\r\n description = \"inveigh pen testing tools & related artifacts\"\r\n\r\n author = \"DHS | NCCIC Code Analysis Team\" \r\n\r\n date = \"2017/07/17\"\r\n\r\n hash0 = \"61C909D2F625223DB2FB858BBDF42A76\"\r\n\r\n hash1 = \"A07AA521E7CAFB360294E56969EDA5D6\"\r\n\r\n hash2 = \"BA756DD64C1147515BA2298B6A760260\"\r\n\r\n hash3 = \"8943E71A8C73B5E343AA9D2E19002373\"\r\n\r\n hash4 = \"04738CA02F59A5CD394998A99FCD9613\"\r\n\r\n hash5 = \"038A97B4E2F37F34B255F0643E49FC9D\"\r\n\r\n hash6 = \"65A1A73253F04354886F375B59550B46\"\r\n\r\n hash7 = \"AA905A3508D9309A93AD5C0EC26EBC9B\"\r\n\r\n hash8 = \"5DBEF7BDDAF50624E840CCBCE2816594\"\r\n\r\n hash9 = \"722154A36F32BA10E98020A8AD758A7A\"\r\n\r\n hash10 = \"4595DBE00A538DF127E0079294C87DA0\"\r\n\r\nstrings:\r\n\r\n $s0 = \"file://\"\r\n\r\n $s1 = \"/ame_icon.png\"\r\n\r\n $s2 = \"184.154.150.66\"\r\n\r\n $s3 = { 87D081F60C67F5086A003315D49A4000F7D6E8EB12000081F7F01BDD21F7DE }\r\n\r\n $s4 = { 33C42BCB333DC0AD400043C1C61A33C3F7DE33F042C705B5AC400026AF2102 }\r\n\r\n $s5 = \"(g.charCodeAt(c)^l[(l[b]+l[e])%256])\"\r\n\r\n $s6 = \"for(b=0;256>b;b++)k[b]=b;for(b=0;256>b;b++)\"\r\n\r\n $s7 = \"VXNESWJfSjY3grKEkEkRuZeSvkE=\"\r\n\r\n $s8 = \"NlZzSZk=\"\r\n\r\n $s9 = \"WlJTb1q5kaxqZaRnser3sw==\"\r\n\r\n $s10 = \"for(b=0;256>b;b++)k[b]=b;for(b=0;256>b;b++)\"\r\n\r\n $s11 = \"fromCharCode(d.charCodeAt(e)^k[(k[b]+k[h])%256])\"\r\n\r\n $s12 = \"ps.exe -accepteula \\\\%ws% -u %user% -p %pass% -s cmd /c netstat\"\r\n\r\n $s13 = { 22546F6B656E733D312064656C696D733D5C5C222025254920494E20286C6973742E74787429 }\r\n\r\n $s14 = { 68656C6C2E657865202D6E6F65786974202D657865637574696F6E706F6C69637920627970617373202D636F6D6D616E6420222E202E5C496E76656967682E70 }\r\n\r\n $s15 = { 476F206275696C642049443A202266626433373937623163313465306531 }\r\n\r\n//inveigh pentesting tools\r\n\r\n $s16 = { 
24696E76656967682E7374617475735F71756575652E4164642822507265737320616E79206B657920746F2073746F70207265616C2074696D65 }\r\n\r\n//specific malicious word document PK archive\r\n\r\n $s17 = { 2F73657474696E67732E786D6CB456616FDB3613FEFE02EF7F10F4798E64C54D06A14ED125F19A225E87C9FD0194485B }\r\n\r\n $s18 = { 6C732F73657474696E67732E786D6C2E72656C7355540500010076A41275780B0001040000000004000000008D90B94E03311086EBF014D6F4D87B48214471D2 }\r\n\r\n $s19 = { 8D90B94E03311086EBF014D6F4D87B48214471D210A41450A0E50146EBD943F8923D41C9DBE3A54A240ACA394A240ACA39 }\r\n\r\n $s20 = { 8C90CD4EEB301085D7BD4F61CDFEDA092150A1BADD005217B040E10146F124B1F09FEC01B56F8FC3AA9558B0B4 }\r\n\r\n $s21 = { 8C90CD4EEB301085D7BD4F61CDFEDA092150A1BADD005217B040E10146F124B1F09FEC01B56F8FC3AA9558B0B4 }\r\n\r\n $s22 = \"5.153.58.45\"\r\n\r\n $s23 = \"62.8.193.206\"\r\n\r\n $s24 = \"/1/ree_stat/p\"\r\n\r\n $s25 = \"/icon.png\"\r\n\r\n $s26 = \"/pshare1/icon\"\r\n\r\n $s27 = \"/notepad.png\"\r\n\r\n $s28 = \"/pic.png\"\r\n\r\n $s29 = \"http://bit.ly/2m0x8IH\"\r\n\r\n \r\n\r\ncondition:\r\n\r\n ($s0 and $s1 or $s2) or ($s3 or $s4) or ($s5 and $s6 or $s7 and $s8 and $s9) or ($s10 and $s11) or ($s12 and $s13) or ($s14) or ($s15) or ($s16) or ($s17) or ($s18) or ($s19) or ($s20) or ($s21) or ($s0 and $s22 or $s24) or ($s0 and $s22 or $s25) or ($s0 and $s23 or $s26) or ($s0 and $s22 or $s27) or ($s0 and $s23 or $s28) or ($s29)\r\n\r\n}]",
"pattern_type": "yara",
"valid_from": "2018-03-20T18:50:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b9a7-7e68-4a8b-8381-4d90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:21.000Z",
"modified": "2018-03-20T18:50:21.000Z",
"pattern": "[rule APT_malware_2\r\n\r\n{\r\n\r\nmeta:\r\n\r\n description = \"rule detects malware\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $api_hash = { 8A 08 84 C9 74 0D 80 C9 60 01 CB C1 E3 01 03 45 10 EB ED }\r\n\r\n $http_push = \"X-mode: push\" nocase\r\n\r\n $http_pop = \"X-mode: pop\" nocase\r\n\r\n \r\n\r\ncondition:\r\n\r\n any of them\r\n\r\n}]",
"pattern_type": "yara",
"valid_from": "2018-03-20T18:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b9bd-c70c-4f9b-892c-4455950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:21.000Z",
"modified": "2018-03-20T18:50:21.000Z",
"pattern": "[rule Query_XML_Code_MAL_DOC_PT_2\r\n\r\n{\r\n\r\nmeta:\r\n\r\n name= \"Query_XML_Code_MAL_DOC_PT_2\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n \r\n\r\n $zip_magic = { 50 4b 03 04 }\r\n\r\n $dir1 = \"word/_rels/settings.xml.rels\"\r\n\r\n $bytes = {8c 90 cd 4e eb 30 10 85 d7}\r\n\r\n \r\n\r\ncondition:\r\n\r\n $zip_magic at 0 and $dir1 and $bytes\r\n\r\n}]",
"pattern_type": "yara",
"valid_from": "2018-03-20T18:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b9d5-57e8-46be-a71b-4f02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:22.000Z",
"modified": "2018-03-20T18:50:22.000Z",
"pattern": "[rule Query_Javascript_Decode_Function\r\n\r\n{\r\n\r\nmeta:\r\n\r\n name= \"Query_Javascript_Decode_Function\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $decode1 = {72 65 70 6C 61 63 65 28 2F 5B 5E 41 2D 5A 61 2D 7A 30 2D 39 5C 2B 5C 2F 5C 3D 5D 2F 67 2C 22 22 29 3B}\r\n\r\n $decode2 = {22 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 30 31 32 33 34 35 36 37 38 39 2B 2F 3D 22 2E 69 6E 64 65 78 4F 66 28 ?? 2E 63 68 61 72 41 74 28 ?? 2B 2B 29 29}\r\n\r\n $decode3 = {3D ?? 3C 3C 32 7C ?? 3E 3E 34 2C ?? 3D 28 ?? 26 31 35 29 3C 3C 34 7C ?? 3E 3E 32 2C ?? 3D 28 ?? 26 33 29 3C 3C 36 7C ?? 2C ?? 2B 3D [1-2] 53 74 72 69 6E 67 2E 66 72 6F 6D 43 68 61 72 43 6F 64 65 28 ?? 29 2C 36 34 21 3D ?? 26 26 28 ?? 2B 3D 53 74 72 69 6E 67 2E 66 72 6F 6D 43 68 61 72 43 6F 64 65 28 ?? 29}\r\n\r\n $decode4 = {73 75 62 73 74 72 69 6E 67 28 34 2C ?? 2E 6C 65 6E 67 74 68 29}\r\n\r\n $func_call=\"a(\\\"\"\r\n\r\n \r\n\r\ncondition:\r\n\r\n filesize < 20KB and #func_call > 20 and all of ($decode*)\r\n\r\n \r\n\r\n}]",
"pattern_type": "yara",
"valid_from": "2018-03-20T18:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b9e6-07f8-4b37-82dd-4ff1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:22.000Z",
"modified": "2018-03-20T18:50:22.000Z",
"pattern": "[rule Query_XML_Code_MAL_DOC\r\n\r\n{\r\n\r\nmeta:\r\n\r\n name= \"Query_XML_Code_MAL_DOC\"\r\n\r\n author = \"other\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $zip_magic = { 50 4b 03 04 }\r\n\r\n $dir = \"word/_rels/\" ascii\r\n\r\n $dir2 = \"word/theme/theme1.xml\" ascii\r\n\r\n $style = \"word/styles.xml\" ascii\r\n\r\n \r\n\r\ncondition:\r\n\r\n $zip_magic at 0 and $dir at 0x0145 and $dir2 at 0x02b7 and $style at 0x08fd\r\n\r\n}]",
"pattern_type": "yara",
"valid_from": "2018-03-20T18:50:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0bb05-aeb8-4762-a58b-42a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:23.000Z",
"modified": "2018-03-20T18:50:23.000Z",
"pattern": "[rule z_webshell\r\n\r\n{\r\n\r\nmeta:\r\n\r\n description = \"Detection for the z_webshell\"\r\n\r\n author = \"DHS NCCIC Hunt and Incident Response Team\"\r\n\r\n date = \"2018/01/25\"\r\n\r\n md5 = \"2C9095C965A55EFC46E16B86F9B7D6C6\"\r\n\r\n \r\n\r\nstrings:\r\n\r\n $aspx_identifier1 = \"<%@ \" nocase ascii wide\r\n\r\n $aspx_identifier2 = \"<asp:\" nocase ascii wide\r\n\r\n $script_import = /(import|assembly) Name(space)?\\=\\\"(System|Microsoft)/ nocase ascii wide\r\n\r\n $case_string = /case \\\"z_(dir|file|FM|sql)_/ nocase ascii wide\r\n\r\n $webshell_name = \"public string z_progname =\" nocase ascii wide\r\n\r\n $webshell_password = \"public string Password =\" nocase ascii wide\r\n\r\n \r\n\r\ncondition:\r\n\r\n 1 of ($aspx_identifier*)\r\n\r\n and #script_import > 10\r\n\r\n and #case_string > 7\r\n\r\n and 2 of ($webshell_*)\r\n\r\n and filesize < 100KB\r\n\r\n}]",
"pattern_type": "yara",
"valid_from": "2018-03-20T18:50:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd04-6bd0-4e34-9a8b-40b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:23.000Z",
"modified": "2018-03-20T18:50:23.000Z",
"first_observed": "2018-03-20T18:50:23Z",
"last_observed": "2018-03-20T18:50:23Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd04-6bd0-4e34-9a8b-40b0950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd04-6bd0-4e34-9a8b-40b0950d210f",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd04-aa44-47e9-807e-4899950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:24.000Z",
"modified": "2018-03-20T18:50:24.000Z",
"first_observed": "2018-03-20T18:50:24Z",
"last_observed": "2018-03-20T18:50:24Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd04-aa44-47e9-807e-4899950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd04-aa44-47e9-807e-4899950d210f",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\GloballyOpenPorts\\List"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd05-daf0-4b0f-b50a-4ce2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:24.000Z",
"modified": "2018-03-20T18:50:24.000Z",
"first_observed": "2018-03-20T18:50:24Z",
"last_observed": "2018-03-20T18:50:24Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd05-daf0-4b0f-b50a-4ce2950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd05-daf0-4b0f-b50a-4ce2950d210f",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\Licensing Core"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd05-d250-4e32-8805-4fbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:25.000Z",
"modified": "2018-03-20T18:50:25.000Z",
"first_observed": "2018-03-20T18:50:25Z",
"last_observed": "2018-03-20T18:50:25Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd05-d250-4e32-8805-4fbd950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd05-d250-4e32-8805-4fbd950d210f",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd06-0ac0-4069-9545-4f16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:25.000Z",
"modified": "2018-03-20T18:50:25.000Z",
"first_observed": "2018-03-20T18:50:25Z",
"last_observed": "2018-03-20T18:50:25Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd06-0ac0-4069-9545-4f16950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd06-0ac0-4069-9545-4f16950d210f",
"key": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd06-a30c-46f0-9311-4ec2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:26.000Z",
"modified": "2018-03-20T18:50:26.000Z",
"first_observed": "2018-03-20T18:50:26Z",
"last_observed": "2018-03-20T18:50:26Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd06-a30c-46f0-9311-4ec2950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd06-a30c-46f0-9311-4ec2950d210f",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Services"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd06-b0c8-4bfb-8db2-4b0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:26.000Z",
"modified": "2018-03-20T18:50:26.000Z",
"first_observed": "2018-03-20T18:50:26Z",
"last_observed": "2018-03-20T18:50:26Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd06-b0c8-4bfb-8db2-4b0d950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd06-b0c8-4bfb-8db2-4b0d950d210f",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0bd07-7ffc-4f86-b728-462e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:27.000Z",
"modified": "2018-03-20T18:50:27.000Z",
"first_observed": "2018-03-20T18:50:27Z",
"last_observed": "2018-03-20T18:50:27Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0bd07-7ffc-4f86-b728-462e950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0bd07-7ffc-4f86-b728-462e950d210f",
"key": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab0be76-d008-415c-b8b4-45b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:27.000Z",
"modified": "2018-03-20T18:50:27.000Z",
"first_observed": "2018-03-20T18:50:27Z",
"last_observed": "2018-03-20T18:50:27Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5ab0be76-d008-415c-b8b4-45b7950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5ab0be76-d008-415c-b8b4-45b7950d210f",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\UserList"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9fd-d968-4d33-95f2-48c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:28.000Z",
"modified": "2018-03-20T18:50:28.000Z",
"pattern": "[file:name = 'admins.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9fe-b52c-447c-89db-4450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:28.000Z",
"modified": "2018-03-20T18:50:28.000Z",
"pattern": "[file:name = 'completed_dclist.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9fe-0458-4fa9-a611-4deb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:29.000Z",
"modified": "2018-03-20T18:50:29.000Z",
"pattern": "[file:name = 'completed_trusts.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9fe-51c0-4a4a-8d15-420b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:29.000Z",
"modified": "2018-03-20T18:50:29.000Z",
"pattern": "[file:name = 'completed_zone.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9ff-2d9c-484f-ab37-486a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:29.000Z",
"modified": "2018-03-20T18:50:29.000Z",
"pattern": "[file:name = 'comps.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9ff-5138-4e91-80db-40e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:30.000Z",
"modified": "2018-03-20T18:50:30.000Z",
"pattern": "[file:name = 'conditional_forwarders.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c9ff-0e68-4bb8-93fe-42fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:30.000Z",
"modified": "2018-03-20T18:50:30.000Z",
"pattern": "[file:name = 'domain_zone.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0ca00-4fe4-4625-8105-45a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:31.000Z",
"modified": "2018-03-20T18:50:31.000Z",
"pattern": "[file:name = 'enum_zones.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0ca00-9b98-4190-b87c-4e7b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:31.000Z",
"modified": "2018-03-20T18:50:31.000Z",
"pattern": "[file:name = 'users.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0ca6e-ecb0-4544-8ce9-4e11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:32.000Z",
"modified": "2018-03-20T18:50:32.000Z",
"pattern": "[file:name = 'SYSTEM.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0ca6e-b890-4400-a29c-4f52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:32.000Z",
"modified": "2018-03-20T18:50:32.000Z",
"pattern": "[file:name = 'comps.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7c2b-3394-4760-97a3-4343950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:52:43.000Z",
"modified": "2018-03-16T09:52:43.000Z",
"description": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
"pattern": "[file:hashes.MD5 = '04738ca02f59a5cd394998a99fcd9613' AND file:hashes.SHA1 = '65fcc51f70b2213bce4d39de56646795fd62d169' AND file:hashes.SSDEEP = '768:iRCfDUNMlhl80TrHo7YAoEDjAnXTcK8ZU9qZU9PmTb0yQUNJ:i+D3RLo7Y1ozptwQNJ' AND file:name = 's.exe' AND file:size = '87552' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '5.41428754686']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T09:52:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7c75-a4b8-4062-ba32-47ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T13:32:56.000Z",
"modified": "2018-03-16T13:32:56.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '3b6c3df08e99b40148548e96cd1ac872' AND file:hashes.SHA1 = 'a602b03555a505cfcfc4b5f4f716b2ba88ed4cd8' AND file:name = 'n.zip.dv9vpwt.partial' AND file:size = '192897' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.99807624013' AND file:x_misp_ssdeep = '3072:YnNhgA2YcTOFFvik/VZMaqM3M/cmlTSdvN/xR3M5KuYktpJhErxNWNfamTQGfBsf:k2DTOji8IM8\r\n/vCxLM5lXhEmTpfCJVoBQ']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T13:32:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7cc4-3de4-4beb-937b-460e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T10:44:14.000Z",
"modified": "2018-03-16T10:44:14.000Z",
"description": "ASCII text",
"pattern": "[file:hashes.MD5 = '5dbef7bddaf50624e840ccbce2816594' AND file:hashes.SHA1 = 'f9b72a2802d2a7ff33fd2d4bbcf41188724fcaa8' AND file:hashes.SSDEEP = '6144:dqtii3p3p3Y3V363F3/3HOXCZiZVZkZ0ZCZyZMZqZ+ZqZXVyRMjP:X' AND file:name = 'Inveigh-Relay.ps1' AND file:size = '227407' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '4.77558019521']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T10:44:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7d70-a138-4131-9843-466d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T12:12:55.000Z",
"modified": "2018-03-16T12:12:55.000Z",
"description": "ASCII text, with CRLF line terminators",
"pattern": "[file:hashes.MD5 = '61c909d2f625223db2fb858bbdf42a76' AND file:hashes.SHA1 = 'b45d63d4d952e9a0715583f97a2d9edeb45ae74e' AND file:hashes.SSDEEP = '3:HjVygSSJJLNyLm/sRIm+ZCRrFquLLTzOSX36I41uF:HjssnyLmURcZCdtTzOw3b41uF' AND file:name = 'svcsrv.bat' AND file:size = '146' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '5.09864672537']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T12:12:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7e3e-425c-4c16-850e-4251950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:17:18.000Z",
"modified": "2018-03-16T15:17:18.000Z",
"description": "ASCII text, with CRLF line terminators",
"pattern": "[file:hashes.MD5 = '61e2679cd208e0a421adc4940662c583' AND file:hashes.SHA1 = '3d36e477643375030431301abaccb8287b2eecce' AND file:name = 'list.txt' AND file:size = '4848' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '3.09733567586']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T15:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7e5b-5de0-4266-90c3-4131950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T07:27:11.000Z",
"modified": "2018-03-19T07:27:11.000Z",
"description": "DOS batch file, ASCII text, with CRLF line terminators",
"pattern": "[file:hashes.MD5 = '7dbfa8cbb39192ffe2a930fc5258d4c1' AND file:hashes.SHA1 = '64f0ac82ccc4a6def48d5f9079b7c146126c6464' AND file:hashes.SSDEEP = '6:/kuFHh257l3YgPS62c7q5mJpna7CvpfVKSV1n/H6RDzKRfgP8X:/JC1l3H7CmLa7ufVbOzKpX' AND file:name = 'SD.bat' AND file:size = '343' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '4.94900696663']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T07:27:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T11:12:53.000Z",
"modified": "2018-03-16T11:12:53.000Z",
"description": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed",
"pattern": "[file:hashes.MD5 = '8943e71a8c73b5e343aa9d2e19002373' AND file:hashes.SHA1 = '092de09e2f346b81a84113734964ad10284f142d' AND file:hashes.SSDEEP = '24576:8ehp+MLzB2M6ewgsKR2/sNl+BNsjJX34grzNkHAgjZgC4bGB9qsY:Hh7LwoR9Nl+irygoYbGB9qs' AND file:name = 'ntdll.exe' AND file:size = '1138176' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.9207919423']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T11:12:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7efd-30a0-467e-b13e-448f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T11:01:08.000Z",
"modified": "2018-03-16T11:01:08.000Z",
"description": "ASCII text, with very long lines, with CRLF line terminators",
"pattern": "[file:hashes.MD5 = 'a07aa521e7cafb360294e56969eda5d6' AND file:hashes.SHA1 = 'efdef52f017eaac4843aab506a39ac2dbf96aee5' AND file:name = 'd.js' AND file:size = '5575' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '6.07484379527' AND file:x_misp_ssdeep = '96:UokaYaEWa2aG26RmGnNWLS0OTf3Yzm2f/4m\r\n/tO3hkPXW6Wv59a0SNm98Xv:UZf6ZNWLS0OL3Yzm2n4KckPG6S90uiv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T11:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T10:37:46.000Z",
"modified": "2018-03-16T10:37:46.000Z",
"description": "ASCII text",
"pattern": "[file:hashes.MD5 = 'aa905a3508d9309a93ad5c0ec26ebc9b' AND file:hashes.SHA1 = 'c8791bcebaea85e9129e706b22e3bda43f762e4a' AND file:hashes.SSDEEP = '1536:+2ShI15AJLhZpaaOoMeX+sK+9rThT8JqRl+dQ:RShI15AJLhZpaaOy+89rThT8JqRYdQ' AND file:name = 'Inveigh.ps1' AND file:size = '202957' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '4.67120886515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T10:37:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:30:53.000Z",
"modified": "2018-03-16T15:30:53.000Z",
"description": "PE32 executable (console) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = 'aeee996fd3484f28e5cd85fe26b6bdcd' AND file:hashes.SHA1 = 'cd23b7c9e0edef184930bc8e0ca2264f0608bcb3' AND file:hashes.SSDEEP = '6144:xytTHoerLyksdxFPSWaNJaS1I1f4ogQs/LT7Z2Swc0IZCYA+l82:x6TH9F8bPSHDogQsTJJJK+l82' AND file:name = 'Ps.exe' AND file:size = '381816' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '6.56613336134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T15:30:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aab7f33-5c08-4572-9b7e-4961950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T11:04:30.000Z",
"modified": "2018-03-16T11:04:30.000Z",
"description": "ASCII text, with very long lines, with CRLF, LF line terminators",
"pattern": "[file:hashes.MD5 = 'ba756dd64c1147515ba2298b6a760260' AND file:hashes.SHA1 = 'e1631cd86facb5724469c19c60729a8d12a00a7f' AND file:hashes.SSDEEP = '96:2ta2avaYaDEcqH7HUTYNNpqQEl/zARZ729oTa:7X7UTyNghlLA7729p' AND file:name = 'goo-AA021-1468346915-00-50-56-A5-34-B3.js' AND file:size = '3904' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '6.02539611186']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T11:04:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b9b261fe-ac0d-4eaa-bc84-91ee824ca271",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T19:58:42.000Z",
"modified": "2018-03-16T19:58:42.000Z",
"pattern": "[file:hashes.MD5 = '8943e71a8c73b5e343aa9d2e19002373' AND file:hashes.SHA1 = '092de09e2f346b81a84113734964ad10284f142d' AND file:hashes.SHA256 = 'a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T19:58:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--52fdb810-ffc9-4914-a550-f04c633a6914",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T19:58:40.000Z",
"modified": "2018-03-16T19:58:40.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77/analysis/1521140874/",
"category": "External analysis",
"uuid": "5aac21f1-e550-4384-930f-4f8e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/66",
"category": "Other",
"uuid": "5aac21f1-1e44-421e-a40a-4fb002de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:07:54",
"category": "Other",
"uuid": "5aac21f1-64b4-4de3-8a2f-4d5402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d603127a-dca4-4067-9982-fbf3c37e55b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T19:58:44.000Z",
"modified": "2018-03-16T19:58:44.000Z",
"pattern": "[file:hashes.MD5 = 'aeee996fd3484f28e5cd85fe26b6bdcd' AND file:hashes.SHA1 = 'cd23b7c9e0edef184930bc8e0ca2264f0608bcb3' AND file:hashes.SHA256 = 'f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T19:58:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7970257f-14eb-43dc-bd7f-5cab16a9baf3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T19:58:43.000Z",
"modified": "2018-03-16T19:58:43.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1521206204/",
"category": "External analysis",
"uuid": "5aac21f3-b7c8-408a-90c8-4b3c02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/64",
"category": "Other",
"uuid": "5aac21f3-d6f4-491e-bfbc-42a602de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-16T13:16:44",
"category": "Other",
"uuid": "5aac21f3-74e8-4481-bdbf-453902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf47e63b-3eb3-4434-ae79-81368e8f4084",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T19:58:47.000Z",
"modified": "2018-03-16T19:58:47.000Z",
"pattern": "[file:hashes.MD5 = 'aa905a3508d9309a93ad5c0ec26ebc9b' AND file:hashes.SHA1 = 'c8791bcebaea85e9129e706b22e3bda43f762e4a' AND file:hashes.SHA256 = '6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-16T19:58:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9ff8d207-0de1-4965-836f-b1226b92c8f6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T19:58:45.000Z",
"modified": "2018-03-16T19:58:45.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18/analysis/1521140754/",
"category": "External analysis",
"uuid": "5aac21f5-d980-4458-a5f0-4bd202de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Other",
"uuid": "5aac21f6-9e28-4ad0-b19d-44bd02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:05:54",
"category": "Other",
"uuid": "5aac21f6-4b18-4672-ae5f-4ece02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf6f7d-5698-489d-9b33-4c5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:21:23.000Z",
"modified": "2018-03-20T07:21:23.000Z",
"pattern": "[file:hashes.MD5 = '722154a36f32ba10e98020a8ad758a7a' AND file:hashes.SHA1 = '2872dcdf108563d16b6cf2ed383626861fc541d2' AND file:hashes.SHA256 = 'ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08' AND file:hashes.SSDEEP = '384:Dk5kSg2bPvHjd1coguI38aI2TUGThYGBUvolkGDJ4LMwa7nXp:DkGMjjOn8yTUQzuw7VB37n5' AND file:name = 'CV Controls Engineer.docx' AND file:size = '19261' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.85923994786']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:21:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf6fb7-2d4c-48f6-a5a6-4936950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T09:31:41.000Z",
"modified": "2018-03-19T09:31:41.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '038a97b4e2f37f34b255f0643e49fc9d' AND file:hashes.SHA1 = 'f8301523fe802402441f207c0f7c61b8aa3cfa63' AND file:hashes.SSDEEP = '384:F2sPE46JbzcB1mjvxqIJwpsxQVzI+GHoJDUhvWew8rKrNf28v:o8EVETmjUsqZuWd8uBfn' AND file:name = 'Controls Engineer.docx' AND file:size = '19605' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.78916156016']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T09:31:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf6fc9-3500-45cd-8315-42e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T10:13:01.000Z",
"modified": "2018-03-19T10:13:01.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '31008de622ca9526f5f4a1dd3f16f4ea' AND file:hashes.SHA1 = 'c8c8b2739fcf48c7071e41576791c1b5a9a0cb3a' AND file:hashes.SSDEEP = '384:F2sPE46JbzcB1mjvxqIJwpsxQVzI+GHoJSkhvnewMrKrNf+J:o8EVETmjUsqZDndMuBf6' AND file:name = 'Controls Engineer.docx' AND file:size = '19298' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.81640605196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T10:13:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf6fdc-d6d0-4c8d-aec4-485d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T10:39:19.000Z",
"modified": "2018-03-19T10:39:19.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '5acc56c93c5ba1318dd2fa9c3509d60b' AND file:hashes.SHA1 = 'f3b8a182a3f4f51333f55e1afa4ad3d624301689' AND file:hashes.SSDEEP = '384:F2sPE46JbzcB1mjvxqIJwpsxQVoI+WHoJSkhvnewMrKrNfOJ:o8EVETmjUsqizndMuBfS' AND file:name = 'Controls Engineer.docx' AND file:size = '19326' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.8128329367']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T10:39:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf6ff0-8384-42d9-a402-4107950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T09:44:55.000Z",
"modified": "2018-03-19T09:44:55.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '65a1a73253f04354886f375b59550b46' AND file:hashes.SHA1 = '5f1d8a38ec40c2e86d54bfb7d9ce6571e8f944c6' AND file:hashes.SSDEEP = '384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJSkhvnew74rKrNfXqJ:78EVETmjUsqJDndMuBfXe' AND file:name = 'Controls Engineer.docx' AND file:size = '19298' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.81659183222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T09:44:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf7025-6398-4599-869d-4abb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T10:35:43.000Z",
"modified": "2018-03-19T10:35:43.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '8341e48a6b91750d99a8295c97fd55d5' AND file:hashes.SHA1 = '3ce30622afb6fac1971a8534998a1d57b1062d86' AND file:hashes.SSDEEP = '384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJSkhvWew8rKrNfP3J:78EVETmjUsqJDWd8uBfPZ' AND file:name = 'Controls Engineer.docx' AND file:size = '19298' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.81651500038']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T10:35:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf7035-27fc-4569-ba36-4e69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T10:37:57.000Z",
"modified": "2018-03-19T10:37:57.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = '99aa0d0eceefce4c0856532181b449b1' AND file:hashes.SHA1 = '1737a2c1b0d091f09f3f231ebc3da5661983c240' AND file:hashes.SSDEEP = '384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJDUhvWew8rKrNfHJ:78EVETmjUsqJuWd8uBfp' AND file:name = 'Controls Engineer.docx' AND file:size = '19326' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.81297842972']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T10:37:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf7051-9700-436b-8bec-4598950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T09:05:37.000Z",
"modified": "2018-03-19T09:05:37.000Z",
"description": "Zip archive data, at least v2.0 to extract",
"pattern": "[file:hashes.MD5 = 'a6d36749eebbbc51b552e5803ed1fd58' AND file:hashes.SHA1 = '3ceb153fcd9407c92b3c71eb0acf74e681691b98' AND file:hashes.SSDEEP = '384:F1sPE46JbzcB1mjvxqIJwpsxQVjI+GHoJSkhvnewMrKrNfXFg:78EVETmjUsqJDndMuBfXq' AND file:name = 'Controls Engineer.docx' AND file:size = '19270' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.82005155684']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T09:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9a4a-3250-4b88-bbe1-4834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T11:14:43.000Z",
"modified": "2018-03-19T11:14:43.000Z",
"description": "HTML document, ASCII text, with very long lines, with CRLF line terminators",
"pattern": "[file:hashes.MD5 = '4383c60926261d467662f95b11efc044' AND file:hashes.SHA1 = '05305b7de1766713a6d4a32d740a1d0f724280ea' AND file:hashes.SSDEEP = '192:ela+K8nnsnQPh7aSJJJkSeIUHV4kLDDhWwpy8b7Xg:6a+K8nrPh7akrwHV5Hh1pXg' AND file:name = '184.154_redirect' AND file:size = '9300' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '5.31931878607']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T11:14:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T11:22:17.000Z",
"modified": "2018-03-19T11:22:17.000Z",
"description": "PDF document, version 1.5",
"pattern": "[file:hashes.MD5 = 'e29d1f5d79cd906f75c88177c7f6168e' AND file:hashes.SHA1 = 'be0a15d1aa85c9d39c4757efda861da014156d31' AND file:hashes.SSDEEP = '6144:P3xUxs8qpZ5gB8zo35Gm0bLsSWpa9IP8F9/xZbbSxk:P+xs8Xio3ZOWpaSmpxZYk' AND file:name = 'document.pdf' AND file:size = '237179' AND file:x_misp_state = 'Malicious' AND file:x_misp_entropy = '7.97898152566']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T11:22:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafbc42-27c4-4a0f-bf40-4f01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T13:33:54.000Z",
"modified": "2018-03-19T13:33:54.000Z",
"pattern": "[file:hashes.MD5 = '2c641a9348f1e0ccf9f38ee17f41b2da' AND file:name = 'Document.lnk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T13:33:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafc6e9-77f8-4860-bb6b-430e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T14:19:21.000Z",
"modified": "2018-03-19T14:19:21.000Z",
"pattern": "[file:hashes.MD5 = 'c3dc68e8d734968432c5dd5f6db444c7' AND file:name = 'notepad.exe.lnk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T14:19:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafc7a7-dc20-4498-a53b-4202950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T14:22:31.000Z",
"modified": "2018-03-19T14:22:31.000Z",
"pattern": "[file:hashes.MD5 = '12620d0cbcdfbdb04d01a18bbd497b8a' AND file:name = 'SETROUTE.lnk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T14:22:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafcfda-50d0-446b-8591-4212950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T14:57:33.000Z",
"modified": "2018-03-19T14:57:33.000Z",
"pattern": "[file:hashes.MD5 = 'db07e1740152e09610ea826655d27e8d' AND file:hashes.SHA1 = '793986fb79bc66807e28f233b52efa7c315862c8' AND file:hashes.SHA256 = '2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731' AND file:hashes.SSDEEP = '96:hDrKygLnAhjMbU7wUNsJzzrNXKyysV5d0b:hDmyg3w77Ns5nNaEK' AND file:name = 'scr.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T14:57:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd016-ae84-45c4-b14f-43a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T14:58:33.000Z",
"modified": "2018-03-19T14:58:33.000Z",
"pattern": "[file:hashes.MD5 = 'acdb6d5c1d8c3f5e3c29c3605bffcf18' AND file:hashes.SHA1 = '96489f3e5d8bfeb3a75250017191277e2d5d0bae' AND file:hashes.SHA256 = '070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e' AND file:hashes.SSDEEP = '768:nnUWy2YE7z0E9WwS/O0CHMBKXEjeS5TgfX/XZVNGzx:UWy2r7bt0IMBKXEj9TgfX/JV' AND file:name = 't.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T14:58:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd060-eb10-4e15-84cf-40ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T14:59:47.000Z",
"modified": "2018-03-19T14:59:47.000Z",
"pattern": "[file:hashes.MD5 = 'c1a030ea830a12a32e84a012dfb1679b' AND file:hashes.SHA1 = '0d2b07df600285d1d8c49938bc2f79ad3eef5c77' AND file:hashes.SHA256 = '9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58' AND file:hashes.SSDEEP = '384:JjfbWoIQv8NiOTXTZu2qXymF7VrEr3QtSEXE+Jo:BfbLIQsByEF' AND file:name = 'ms.ps1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T14:59:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd146-b384-4965-9fd3-46a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:03:37.000Z",
"modified": "2018-03-19T15:03:37.000Z",
"pattern": "[file:hashes.MD5 = '40d3d8795559a556a8897ec6e003fc91' AND file:hashes.SHA1 = '509f959f92210d8dd40710ba34548ae960864754' AND file:hashes.SHA256 = '72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076' AND file:hashes.SSDEEP = '384:M60E5y1gJDnmiekDuxsW9EMmbWAvFit2w8KXvtmRFU9fDMti+MDHikDtYL30oJ:M60E5qgtWCbDvFOt/sFU9WjL3XJ' AND file:name = 'Invoke-Kerberoast.ps1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:03:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:09:40.000Z",
"modified": "2018-03-19T15:09:40.000Z",
"pattern": "[file:hashes.MD5 = '451ce41809508b7f88a24caba884926c' AND file:hashes.SHA1 = '5388520f80c6ca3038445ebb3d6a51f3d90bf717' AND file:hashes.SHA256 = 'f2943f5e45befa52fb12748ca7171d30096e1d4fc3c365561497c618341299d5' AND file:hashes.SSDEEP = '192:W6+ixcZOnxue/Zp1vS1uUAQRNQQjiTNZFx2NRWCZNBLTSNGaM6NMeM8SkY69mZM3:3jxcZOnxu4p1qBAgAWvag621oign' AND file:name = 'Get-GPPPassword.ps1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:09:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd4cf-7630-4d4b-ba7e-474b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:18:39.000Z",
"modified": "2018-03-19T15:18:39.000Z",
"pattern": "[file:hashes.MD5 = '8a39bfe18d912dbcc940d05d692efeb9' AND file:name = 'ASREPRoast.ps1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:18:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd4e4-32ec-4efd-8e1c-4f87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:19:00.000Z",
"modified": "2018-03-19T15:19:00.000Z",
"pattern": "[file:hashes.MD5 = '3cc0d3a05cd0cef8294506f37a0b8a00' AND file:name = 'calc.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:19:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd4f9-e618-456b-b1b2-495d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:19:21.000Z",
"modified": "2018-03-19T15:19:21.000Z",
"pattern": "[file:hashes.MD5 = 'b6ca04cc59805e2680d77a71d9d7bd2f' AND file:name = 'dit.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:19:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd80c-ddd8-4fb3-ab18-4df7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:32:28.000Z",
"modified": "2018-03-19T15:32:28.000Z",
"pattern": "[file:hashes.MD5 = '2c9095c965a55efc46e16b86f9b7d6c6' AND file:name = 'global.aspx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:32:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd820-7680-4d33-b9b3-49a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:32:48.000Z",
"modified": "2018-03-19T15:32:48.000Z",
"pattern": "[file:hashes.MD5 = '765fcd7588b1d94008975c4627c8feb6' AND file:name = 'inst.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:32:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd832-89d8-4f6d-9075-4b79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:33:06.000Z",
"modified": "2018-03-19T15:33:06.000Z",
"pattern": "[file:hashes.MD5 = '1caa374b5a53e34e161c59d18ce6fdff' AND file:name = 'install.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:33:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd853-4398-4544-bb59-47d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:33:39.000Z",
"modified": "2018-03-19T15:33:39.000Z",
"pattern": "[file:hashes.MD5 = 'c34cb67845a88f1a9c22ceaad46f584b' AND file:name = 'mk64.zip' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:33:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd892-9f98-41a5-b34d-4ba3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:34:42.000Z",
"modified": "2018-03-19T15:34:42.000Z",
"pattern": "[file:hashes.MD5 = '661cc9179a724c41e6712ce3f5aeadfd' AND file:name = 'PowerView.ps1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:34:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd8ad-f9b0-4f8c-b332-4ce3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:35:09.000Z",
"modified": "2018-03-19T15:35:09.000Z",
"pattern": "[file:hashes.MD5 = '901fd9aeeaca9631902bccd6bdd89f74' AND file:name = 'pps.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:35:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aafd8be-76e4-4c72-b99b-400f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T15:35:26.000Z",
"modified": "2018-03-19T15:35:26.000Z",
"pattern": "[file:hashes.MD5 = '1ce20b4e7a561f0ac5c6c515975b70a5' AND file:name = 'pps.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T15:35:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--68aa5eb6-0404-4285-b4b9-3f6bd1ac804c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:25.000Z",
"modified": "2018-03-19T21:10:25.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18/analysis/1521302135/",
"category": "External analysis",
"uuid": "5ab02741-69e4-4908-8205-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/57",
"category": "Other",
"uuid": "5ab02742-e268-4ba5-bbb4-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T15:55:35",
"category": "Other",
"uuid": "5ab02742-bc90-471c-8c97-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee89f074-993e-4d98-ab7e-bf03843107c1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:29.000Z",
"modified": "2018-03-19T21:10:29.000Z",
"pattern": "[file:hashes.MD5 = '722154a36f32ba10e98020a8ad758a7a' AND file:hashes.SHA1 = '2872dcdf108563d16b6cf2ed383626861fc541d2' AND file:hashes.SHA256 = 'ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T21:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--60e4dfd5-2356-436c-b272-ed04a971d8a9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:28.000Z",
"modified": "2018-03-19T21:10:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08/analysis/1521303125/",
"category": "External analysis",
"uuid": "5ab02744-10c8-4e40-97d8-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "5ab02744-92d4-45ff-8412-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:12:05",
"category": "Other",
"uuid": "5ab02744-1c84-44a7-b6f4-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f813c138-e77b-46f1-96dd-e7379a6aeb0a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:32.000Z",
"modified": "2018-03-19T21:10:32.000Z",
"pattern": "[file:hashes.MD5 = 'e29d1f5d79cd906f75c88177c7f6168e' AND file:hashes.SHA1 = 'be0a15d1aa85c9d39c4757efda861da014156d31' AND file:hashes.SHA256 = 'fcc093a79fae9b92e69c99bb28f9ae12939e4e1327a371eeac9207e346eccdb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-19T21:10:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d80c3aaa-a450-4349-9cc8-59ff3e6e8334",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:30.000Z",
"modified": "2018-03-19T21:10:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fcc093a79fae9b92e69c99bb28f9ae12939e4e1327a371eeac9207e346eccdb4/analysis/1521141310/",
"category": "External analysis",
"uuid": "5ab02746-b8d8-4428-ba6d-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/59",
"category": "Other",
"uuid": "5ab02747-1be4-4393-a973-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:15:10",
"category": "Other",
"uuid": "5ab02747-4858-4a3e-b5b4-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a5cf7d41-3fd8-4f9e-8efa-17f99229ab80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:31.000Z",
"modified": "2018-03-19T21:10:31.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77/analysis/1521140874/",
"category": "External analysis",
"uuid": "5ab02747-92d0-4cd8-a189-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/66",
"category": "Other",
"uuid": "5ab02748-7564-405a-a246-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:07:54",
"category": "Other",
"uuid": "5ab02748-0e40-4dea-be83-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--db67a0ca-ab6e-4d10-ba16-96b2c18ef120",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:32.000Z",
"modified": "2018-03-19T21:10:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1521206204/",
"category": "External analysis",
"uuid": "5ab02748-90a0-42ed-a7d1-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/64",
"category": "Other",
"uuid": "5ab02749-3adc-421b-a393-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-16T13:16:44",
"category": "Other",
"uuid": "5ab02749-5c94-495c-a025-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c90cf7a2-c522-4055-a791-65fe451876bc",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:33.000Z",
"modified": "2018-03-19T21:10:33.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58/analysis/1521302794/",
"category": "External analysis",
"uuid": "5ab02749-e49c-49e5-afdc-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/58",
"category": "Other",
"uuid": "5ab0274a-ecbc-4920-90c1-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:06:34",
"category": "Other",
"uuid": "5ab0274a-c950-4276-894e-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a8098016-54d1-4580-9c9c-0f774f7e5e71",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:34.000Z",
"modified": "2018-03-19T21:10:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731/analysis/1521302917/",
"category": "External analysis",
"uuid": "5ab0274a-a7b4-492d-bd1b-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"uuid": "5ab0274b-52d0-4f50-b03d-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:08:37",
"category": "Other",
"uuid": "5ab0274b-5b00-4848-b147-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4e6ace53-c11b-490e-85cd-9b18d139fd3b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:35.000Z",
"modified": "2018-03-19T21:10:35.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076/analysis/1521306629/",
"category": "External analysis",
"uuid": "5ab0274b-26ec-49d7-919d-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/59",
"category": "Other",
"uuid": "5ab0274b-ebe0-412c-a2e3-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T17:10:29",
"category": "Other",
"uuid": "5ab0274b-9034-4632-88b8-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--174f8d3f-dc51-4988-bcf3-ca5b2afea2b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:36.000Z",
"modified": "2018-03-19T21:10:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f2943f5e45befa52fb12748ca7171d30096e1d4fc3c365561497c618341299d5/analysis/1521302528/",
"category": "External analysis",
"uuid": "5ab0274c-e5d4-47f9-9a0b-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/58",
"category": "Other",
"uuid": "5ab0274c-8b48-4cbd-b63c-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:02:08",
"category": "Other",
"uuid": "5ab0274c-19dc-4561-906b-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a466a89c-d8ef-4782-8897-f0b39085bf55",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-19T21:10:37.000Z",
"modified": "2018-03-19T21:10:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e/analysis/1521467286/",
"category": "External analysis",
"uuid": "5ab0274d-84a8-4e56-b52c-277b02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/66",
"category": "Other",
"uuid": "5ab0274d-cff0-4d30-8053-277b02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-19T13:48:06",
"category": "Other",
"uuid": "5ab0274d-87f4-40fa-b60e-277b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b706-4d88-4569-94fb-4661950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:23:50.000Z",
"modified": "2018-03-20T07:23:50.000Z",
"pattern": "[file:hashes.MD5 = 'bcf823eeee02967b49b764e22319c79f' AND file:name = 'enu.cmd' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:23:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b73f-8870-4960-8a24-46ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:24:47.000Z",
"modified": "2018-03-20T07:24:47.000Z",
"pattern": "[file:hashes.MD5 = '619528e52a31d1d348acb2077e2fc240' AND file:name = 'upd.bat' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:24:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b750-2024-42d7-b8dc-4058950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:25:04.000Z",
"modified": "2018-03-20T07:25:04.000Z",
"pattern": "[file:hashes.MD5 = '243511a51088d57e6df08d5ef52d5499' AND file:name = 'CV Control Engeneer.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b762-6fec-47d5-85a8-44c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:25:22.000Z",
"modified": "2018-03-20T07:25:22.000Z",
"pattern": "[file:hashes.MD5 = '277256f905d7cb07cdcd096cecc27e76' AND file:name = 'CV Jon Patrick.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:25:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b77e-2250-48df-a9a7-48e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:25:50.000Z",
"modified": "2018-03-20T07:25:50.000Z",
"pattern": "[file:hashes.MD5 = '4909db36f71106379832c8ca57ba5be8' AND file:name = 'Controls Engineer.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:25:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b78e-6180-4143-bcfa-422a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:26:06.000Z",
"modified": "2018-03-20T07:26:06.000Z",
"pattern": "[file:hashes.MD5 = '4e4e9aac289f1c55e50227e2de66463b' AND file:name = 'Controls Engineer.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:26:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b7ae-8d44-48c7-908f-409c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:26:38.000Z",
"modified": "2018-03-20T07:26:38.000Z",
"pattern": "[file:hashes.MD5 = '5c6a887a91b18289a70bdd29cc86ebdb' AND file:name = 'High R-Value Energy.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:26:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b7c6-0ecc-4b84-aacf-44a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:27:02.000Z",
"modified": "2018-03-20T07:27:02.000Z",
"pattern": "[file:hashes.MD5 = '6c3c58f168e883af1294bbcea33b03e6' AND file:name = 'CV_Jon_Patrick.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:27:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b7d7-7530-4c12-9360-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:27:19.000Z",
"modified": "2018-03-20T07:27:19.000Z",
"pattern": "[file:hashes.MD5 = '78e90308ff107ce38089dff16a929431' AND file:name = 'CV Jon Patrick.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b7e9-12cc-49c0-8673-4e90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:27:37.000Z",
"modified": "2018-03-20T07:27:37.000Z",
"pattern": "[file:hashes.MD5 = '90514dee65caf923e829f1e0094d2585' AND file:name = 'CV_Jon_Patrick.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:27:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b7fb-c138-4d71-914f-4317950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:27:55.000Z",
"modified": "2018-03-20T07:27:55.000Z",
"pattern": "[file:hashes.MD5 = 'c1529353e33fd3c0d2802bb558414f11' AND file:name = 'Build Hydroelectric Turbine.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:27:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b80c-f79c-4c30-a9d9-4e52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:28:12.000Z",
"modified": "2018-03-20T07:28:12.000Z",
"pattern": "[file:hashes.MD5 = 'cda0b7fbdbdcef1777657182a504283d' AND file:name = 'Resume_Key_And_Personal.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:28:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b819-f650-498e-8a51-46d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:28:25.000Z",
"modified": "2018-03-20T07:28:25.000Z",
"pattern": "[file:hashes.MD5 = 'dde2a6ac540643e2428976b778c43d39' AND file:name = 'CV_Jon_Patrick.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:28:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b8a0-36e0-4917-a97c-4fc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:30:40.000Z",
"modified": "2018-03-20T07:30:40.000Z",
"pattern": "[file:hashes.MD5 = 'e9a906082df6383aa8d5de60f6ef830e' AND file:name = 'CV_Jon_Patrick.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:30:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b8b1-9700-4b9d-9c32-453d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:30:57.000Z",
"modified": "2018-03-20T07:30:57.000Z",
"pattern": "[file:hashes.MD5 = '3c432a21cfd05f976af8c47a007928f7' AND file:name = 'Report03-23-2017.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:30:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b8c4-8ed0-450a-946a-4ed6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:31:16.000Z",
"modified": "2018-03-20T07:31:16.000Z",
"pattern": "[file:hashes.MD5 = '34a11f3d68fd6cdef04b6df17bbe8f4d' AND file:name = 'corp_rules(2016).docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:31:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b8d7-c5e4-4619-98b1-4440950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:31:35.000Z",
"modified": "2018-03-20T07:31:35.000Z",
"pattern": "[file:hashes.MD5 = '141e78d16456a072c9697454fc6d5f58' AND file:name = 'corp_rules(2016).docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b8e6-7054-49c9-8240-4c8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:31:50.000Z",
"modified": "2018-03-20T07:31:50.000Z",
"pattern": "[file:hashes.MD5 = 'bfa54ccc770dcce8fd4929b7c1176470' AND file:name = 'invite.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:31:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b8f8-4c70-4a36-8577-46a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:32:08.000Z",
"modified": "2018-03-20T07:32:08.000Z",
"pattern": "[file:hashes.MD5 = '848775bab0801e5bb15b33fa4fca573c' AND file:name = 'Controls Engineer.docx' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:32:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b908-ba78-4823-8e63-460d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:32:24.000Z",
"modified": "2018-03-20T07:32:24.000Z",
"pattern": "[file:hashes.MD5 = '8ff4dc8a2ebfd5eea11a38877bd4f2df' AND file:name = '~1171694.dll' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b917-4c34-4939-99f3-44a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:32:39.000Z",
"modified": "2018-03-20T07:32:39.000Z",
"pattern": "[file:hashes.MD5 = '5c5c2c06deca8212eb71d2cc7f0d23e9' AND file:name = 'mozilla.exe' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:32:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b927-621c-4f5d-a42c-4751950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:32:55.000Z",
"modified": "2018-03-20T07:32:55.000Z",
"pattern": "[file:hashes.MD5 = '7eae5684e4b4bf44e36f2810c86fcd33' AND file:name = 's.txt.lnk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:32:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0b938-b34c-4237-845e-4521950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T07:33:12.000Z",
"modified": "2018-03-20T07:33:12.000Z",
"pattern": "[file:hashes.MD5 = '12499311682e914b703a8669ce05fa4d' AND file:name = 'symantec_help.jsp' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T07:33:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab0c6cb-e050-4cff-be31-4b78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T08:31:07.000Z",
"modified": "2018-03-20T08:31:07.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_USERS\\\\<USER SID>\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run' AND windows-registry-key:values[0].data = 'ntdll' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCC']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T08:31:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--817e8e7e-d4e7-4d2b-8f02-03c20544d73a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:36.000Z",
"modified": "2018-03-20T18:50:36.000Z",
"pattern": "[file:hashes.MD5 = '848775bab0801e5bb15b33fa4fca573c' AND file:hashes.SHA1 = '3ef471f3d82ef072974d74c49d928d0f3057f24e' AND file:hashes.SHA256 = '7234800d9fe43ba9edea1d7435a1b030712e7bce035334c4a8ed76ed573dbfa1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f11d0914-a6a8-43e8-b34b-e9b56d9ccda5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:34.000Z",
"modified": "2018-03-20T18:50:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7234800d9fe43ba9edea1d7435a1b030712e7bce035334c4a8ed76ed573dbfa1/analysis/1521304280/",
"category": "External analysis",
"uuid": "5ab157fa-b58c-495e-9c61-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/60",
"category": "Other",
"uuid": "5ab157fb-d09c-4dd5-947e-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:31:20",
"category": "Other",
"uuid": "5ab157fb-048c-41cc-bd92-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ed4e8187-7d82-43a5-ae76-c7457f3a3858",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:38.000Z",
"modified": "2018-03-20T18:50:38.000Z",
"pattern": "[file:hashes.MD5 = 'bfa54ccc770dcce8fd4929b7c1176470' AND file:hashes.SHA1 = '0aabe0176fbe0979e2ee8e9cd920ee3ddb3ebe26' AND file:hashes.SHA256 = 'dce323466041c4a008dbb721aa9677a55484303482ce5975a0ffa16946c186dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2a950e9f-1c9e-4125-bf95-c935bf9096b6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:36.000Z",
"modified": "2018-03-20T18:50:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dce323466041c4a008dbb721aa9677a55484303482ce5975a0ffa16946c186dd/analysis/1521304103/",
"category": "External analysis",
"uuid": "5ab157fd-d6a8-4136-8b9b-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Other",
"uuid": "5ab157fd-ecf0-4c17-aaeb-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:28:23",
"category": "Other",
"uuid": "5ab157fd-3cf8-4873-b1af-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--91368a58-21e1-420a-9d26-97e0385d5748",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:41.000Z",
"modified": "2018-03-20T18:50:41.000Z",
"pattern": "[file:hashes.MD5 = '243511a51088d57e6df08d5ef52d5499' AND file:hashes.SHA1 = 'ba1801a71c2c3d44cbc176a9a45b02166f9b1ad4' AND file:hashes.SHA256 = 'b9fc0483262d8cf1273f04fd03eb67d875fbc700371caf57f4834e706dccdf44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--62b12042-f234-4857-9d1b-721399c22094",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:39.000Z",
"modified": "2018-03-20T18:50:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b9fc0483262d8cf1273f04fd03eb67d875fbc700371caf57f4834e706dccdf44/analysis/1521303248/",
"category": "External analysis",
"uuid": "5ab157ff-86ac-4f2a-9ff0-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/59",
"category": "Other",
"uuid": "5ab15800-cb24-4711-852c-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:14:08",
"category": "Other",
"uuid": "5ab15800-2bec-455e-aaba-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dc3dc085-889d-438e-b1a2-d37315215674",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:43.000Z",
"modified": "2018-03-20T18:50:43.000Z",
"pattern": "[file:hashes.MD5 = '34a11f3d68fd6cdef04b6df17bbe8f4d' AND file:hashes.SHA1 = '733ae7d8c9f3551c23a0c228a918de96a245d673' AND file:hashes.SHA256 = '351de762b4a3f600a30b291a467af3d3988b6343c6671b1678676444a0981ee8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7716d649-a1a1-46f5-b491-ed742857eb80",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:41.000Z",
"modified": "2018-03-20T18:50:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/351de762b4a3f600a30b291a467af3d3988b6343c6671b1678676444a0981ee8/analysis/1521303888/",
"category": "External analysis",
"uuid": "5ab15802-fbd4-4b21-b8dd-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "26/59",
"category": "Other",
"uuid": "5ab15802-ad84-4dc3-a88d-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:24:48",
"category": "Other",
"uuid": "5ab15802-c924-49db-a1c3-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--15fc0f64-5c84-4c0c-972e-d7cfbc940bb5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:46.000Z",
"modified": "2018-03-20T18:50:46.000Z",
"pattern": "[file:hashes.MD5 = '3c432a21cfd05f976af8c47a007928f7' AND file:hashes.SHA1 = '67175f1de3a911958e4c075336160462df3ea7b1' AND file:hashes.SHA256 = '93cd6696e150caf6106e6066b58107372dcf43377bf4420c848007c10ff80bc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2a28b918-0b88-4f5f-9084-202f5324905b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:44.000Z",
"modified": "2018-03-20T18:50:44.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/93cd6696e150caf6106e6066b58107372dcf43377bf4420c848007c10ff80bc9/analysis/1521303830/",
"category": "External analysis",
"uuid": "5ab15804-4114-46d4-809c-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/60",
"category": "Other",
"uuid": "5ab15805-9000-420c-82ef-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:23:50",
"category": "Other",
"uuid": "5ab15805-b044-479e-a049-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--36581bf5-7984-4225-9f75-b9ae6c3a895d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:48.000Z",
"modified": "2018-03-20T18:50:48.000Z",
"pattern": "[file:hashes.MD5 = '141e78d16456a072c9697454fc6d5f58' AND file:hashes.SHA1 = 'eff5e2a3ac471a1b5ecdf51a72e003a82c350506' AND file:hashes.SHA256 = 'c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--78564b68-ca38-4f83-8610-0780016cc9c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:46.000Z",
"modified": "2018-03-20T18:50:46.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d/analysis/1521141278/",
"category": "External analysis",
"uuid": "5ab15807-5868-4677-bdc1-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/59",
"category": "Other",
"uuid": "5ab15807-2528-494e-9b72-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:14:38",
"category": "Other",
"uuid": "5ab15807-5614-4902-8251-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--26df7c7f-c892-4128-a50f-3dfacc30e475",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:50.000Z",
"modified": "2018-03-20T18:50:50.000Z",
"pattern": "[file:hashes.MD5 = 'cda0b7fbdbdcef1777657182a504283d' AND file:hashes.SHA1 = '095193f9eff58e84bd69d40440c691ea61a5c1bf' AND file:hashes.SHA256 = '764e71b9fef3d8c7252cf861c9233bf9c9119a5267834a875bbdc541606d81ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c526bab4-b450-4b9b-a857-d625ca2b9df4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:49.000Z",
"modified": "2018-03-20T18:50:49.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/764e71b9fef3d8c7252cf861c9233bf9c9119a5267834a875bbdc541606d81ed/analysis/1521303629/",
"category": "External analysis",
"uuid": "5ab15809-6f50-4b9a-b4db-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/60",
"category": "Other",
"uuid": "5ab15809-e874-4540-ade6-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:20:29",
"category": "Other",
"uuid": "5ab15809-d998-449b-b7c6-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e96ec051-cdad-45ba-b7ed-278e1fbf1c0d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:53.000Z",
"modified": "2018-03-20T18:50:53.000Z",
"pattern": "[file:hashes.MD5 = '277256f905d7cb07cdcd096cecc27e76' AND file:hashes.SHA1 = '3f5506b06856f63b9aa610e07ec9791249199952' AND file:hashes.SHA256 = 'a54c992d88cadf6f426d44304fa142672f1f57b98de25b79361478b3d5cab594']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9ae0d6cc-6be6-4cf7-ae00-bf9836bc7347",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:51.000Z",
"modified": "2018-03-20T18:50:51.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a54c992d88cadf6f426d44304fa142672f1f57b98de25b79361478b3d5cab594/analysis/1521303336/",
"category": "External analysis",
"uuid": "5ab1580b-ba08-4e26-b172-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/60",
"category": "Other",
"uuid": "5ab1580c-c5a4-44a1-b254-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:15:36",
"category": "Other",
"uuid": "5ab1580c-000c-4f38-bdf4-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--eb510916-5440-457d-8b5a-2e67dbd8f5c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:55.000Z",
"modified": "2018-03-20T18:50:55.000Z",
"pattern": "[file:hashes.MD5 = '4909db36f71106379832c8ca57ba5be8' AND file:hashes.SHA1 = '5df2cb4b3a29adad4ba0a8f0b7eab5b6ae633977' AND file:hashes.SHA256 = 'b02508baf8567e62f3c0fd14833c82fb24e8ba4f0dc84aeb7690d9ea83385baa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--b3c5a480-22df-4ca6-a89d-67ab89e1ef8e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:54.000Z",
"modified": "2018-03-20T18:50:54.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b02508baf8567e62f3c0fd14833c82fb24e8ba4f0dc84aeb7690d9ea83385baa/analysis/1521463198/",
"category": "External analysis",
"uuid": "5ab1580e-9c10-4ff2-80ea-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "30/60",
"category": "Other",
"uuid": "5ab1580e-5e98-4301-8a31-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-19T12:39:58",
"category": "Other",
"uuid": "5ab1580e-b67c-4537-88ef-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--769ce047-ff32-42fa-aca3-aa3f3cd47615",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:58.000Z",
"modified": "2018-03-20T18:50:58.000Z",
"pattern": "[file:hashes.MD5 = '4e4e9aac289f1c55e50227e2de66463b' AND file:hashes.SHA1 = '421eecdfe4f6987bb9ff7a6d65827563e53eafbb' AND file:hashes.SHA256 = '3d6eadf0f0b3fb7f996e6eb3d540945c2d736822df1a37dcd0e25371fa2d75a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-20T18:50:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--38489708-7681-4bf1-b940-d0497914665d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:56.000Z",
"modified": "2018-03-20T18:50:56.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3d6eadf0f0b3fb7f996e6eb3d540945c2d736822df1a37dcd0e25371fa2d75a0/analysis/1521303407/",
"category": "External analysis",
"uuid": "5ab15810-83c0-46b3-b737-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "5ab15811-afb0-4768-9a57-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:16:47",
"category": "Other",
"uuid": "5ab15811-7f24-4c1b-9bf3-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a377dd67-a104-4cf0-a517-c6a7aa915ec7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:57.000Z",
"modified": "2018-03-20T18:50:57.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6401abe9b6e90411dc48ffc863c40c9d9b073590a8014fe1b0e6c2ecab2f7e18/analysis/1521302135/",
"category": "External analysis",
"uuid": "5ab15811-7938-4f40-9783-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/57",
"category": "Other",
"uuid": "5ab15812-e350-4e89-9cd0-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T15:55:35",
"category": "Other",
"uuid": "5ab15812-b218-44de-8b50-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fa75388a-9fbe-4682-82db-1a02068aac41",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:58.000Z",
"modified": "2018-03-20T18:50:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fcc093a79fae9b92e69c99bb28f9ae12939e4e1327a371eeac9207e346eccdb4/analysis/1521141310/",
"category": "External analysis",
"uuid": "5ab15812-8aec-41f2-b209-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "24/59",
"category": "Other",
"uuid": "5ab15813-d040-4909-bd59-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:15:10",
"category": "Other",
"uuid": "5ab15813-67c4-4f65-8873-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--da511a48-fb7c-48e9-af7b-87959d26df32",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:50:59.000Z",
"modified": "2018-03-20T18:50:59.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a278256fbf2f061cfded7fdd58feded6765fade730374c508adad89282f67d77/analysis/1521140874/",
"category": "External analysis",
"uuid": "5ab15813-6848-41de-a43b-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/66",
"category": "Other",
"uuid": "5ab15814-7220-430b-b7b6-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-15T19:07:54",
"category": "Other",
"uuid": "5ab15814-c07c-4e39-a67b-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--43871de9-0fbb-4042-979d-c05a03f7591b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:00.000Z",
"modified": "2018-03-20T18:51:00.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1521206204/",
"category": "External analysis",
"uuid": "5ab15814-adcc-4e6c-a1b5-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/64",
"category": "Other",
"uuid": "5ab15815-69c4-4dd1-a33f-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-16T13:16:44",
"category": "Other",
"uuid": "5ab15815-8dd8-4add-a1a9-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e5412ec5-9117-48af-ad6a-302b656170d5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:01.000Z",
"modified": "2018-03-20T18:51:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ac6c1df3895af63b864bb33bf30cb31059e247443ddb8f23517849362ec94f08/analysis/1521303125/",
"category": "External analysis",
"uuid": "5ab15815-aed4-4e44-94db-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "5ab15816-1808-4cc8-8861-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:12:05",
"category": "Other",
"uuid": "5ab15816-4c1c-4936-a6b8-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--eed7ce27-e8b2-4d01-bf3b-8540ba85e2c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:02.000Z",
"modified": "2018-03-20T18:51:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9b97290300abb68fb48480718e6318ee2cdd4f099aa6438010fb2f44803e0b58/analysis/1521302794/",
"category": "External analysis",
"uuid": "5ab15816-ee60-4021-9c67-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/58",
"category": "Other",
"uuid": "5ab15817-99ec-47a3-9db0-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:06:34",
"category": "Other",
"uuid": "5ab15817-f508-4fee-99ed-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--cced1e71-a4a2-4b3f-9dba-4e0d6f790640",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:03.000Z",
"modified": "2018-03-20T18:51:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/72a28efb6e32e653b656ca32ccd44b3111145a695f6f6161965deebbdc437076/analysis/1521306629/",
"category": "External analysis",
"uuid": "5ab15817-7ff8-42db-bfcc-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/59",
"category": "Other",
"uuid": "5ab15818-4e44-4db8-8a1e-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T17:10:29",
"category": "Other",
"uuid": "5ab15818-ee28-44f7-b3ff-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--31025798-921f-4e1f-94ad-160e77001592",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:04.000Z",
"modified": "2018-03-20T18:51:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731/analysis/1521302917/",
"category": "External analysis",
"uuid": "5ab15818-1ef4-4121-8982-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/66",
"category": "Other",
"uuid": "5ab15819-ca4c-4469-9ff3-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:08:37",
"category": "Other",
"uuid": "5ab15819-95f0-48c1-84aa-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c4f3b65c-59cf-439d-845e-e1e147898568",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:05.000Z",
"modified": "2018-03-20T18:51:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f2943f5e45befa52fb12748ca7171d30096e1d4fc3c365561497c618341299d5/analysis/1521302528/",
"category": "External analysis",
"uuid": "5ab15819-6e20-44a8-8af1-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "25/58",
"category": "Other",
"uuid": "5ab1581a-1658-41c4-821a-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-17T16:02:08",
"category": "Other",
"uuid": "5ab1581a-d004-42f2-9ee4-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dbf7cd6d-1439-4c5c-990a-cd5af23dea49",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-20T18:51:06.000Z",
"modified": "2018-03-20T18:51:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/070d7082a5abe1112615877214ec82241fd17e5bd465e24d794a470f699af88e/analysis/1521567919/",
"category": "External analysis",
"uuid": "5ab1581a-795c-4adc-8219-e1c102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "3/64",
"category": "Other",
"uuid": "5ab1581b-c348-4e1b-80ed-e1c102de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-20T17:45:19",
"category": "Other",
"uuid": "5ab1581b-430c-422e-9523-e1c102de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab8a40-e18c-4560-ac9b-4e12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:24:28.000Z",
"modified": "2018-03-16T09:24:28.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "f6446f2d2487929d672f5c564d88ea5e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab8a41-7158-4788-b3d0-4aa5950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "5aab8a41-bfb0-4cc8-9179-46ad950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": "UPX2",
"category": "Other",
"uuid": "5aab8a41-267c-4cb5-88b9-4c5c950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.65327458211",
"category": "Other",
"uuid": "5aab8a42-dba0-4cca-82ab-485b950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab8b85-d4b4-4c9a-a26f-4bfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:26:44.000Z",
"modified": "2018-03-16T09:26:44.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "d41d8cd98f00b204e9800998ecf8427e",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab8b86-1c34-4fa9-9e84-40fc950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": "UPX0",
"category": "Other",
"uuid": "5aab8b86-f140-4268-9dcc-4c97950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "0.0",
"category": "Other",
"uuid": "5aab8b87-95d8-4277-a6e5-4fbc950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab8bf6-1b00-4a4e-98fc-0bd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:18:46.000Z",
"modified": "2018-03-16T09:18:46.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "2c0d0688b7ee403a2340a2c71cfc9164",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab8bf7-3658-4259-924d-0bd1950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1137152",
"category": "Other",
"uuid": "5aab8bf7-1fb4-4759-99d8-0bd1950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": "UPX1",
"category": "Other",
"uuid": "5aab8bf8-e6f8-4451-b923-0bd1950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "7.9214700728",
"category": "Other",
"uuid": "5aab8bf8-6a68-45e4-9678-0bd1950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab8c8a-e97c-4431-af73-4776950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:21:40.000Z",
"modified": "2018-03-16T09:21:40.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "71cff14862d2727fc0999611b6248dc4",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab8c8b-e274-449c-87e6-4a99950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "512",
"category": "Other",
"uuid": "5aab8c8b-9744-438c-a786-41aa950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "5aab8c8c-5f78-4036-afb4-4529950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.76447625028",
"category": "Other",
"uuid": "5aab8c8c-492c-4104-a412-4cca950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab91aa-635c-4a4f-872f-4190950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:43:06.000Z",
"modified": "2018-03-16T09:43:06.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "e83f44e61ca2dde6f1a992958980551d",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab91aa-307c-4172-b6d4-4380950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "5aab91aa-62bc-4c55-b62f-437e950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": "(header)",
"category": "Other",
"uuid": "5aab91ab-b4c4-4510-886a-4004950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.76593925519",
"category": "Other",
"uuid": "5aab91ab-4ebc-4130-b605-4bd5950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab91de-98e8-400c-a319-4045950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:43:58.000Z",
"modified": "2018-03-16T09:43:58.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "fdf2016a74a2710c7b3616d394d41872",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab91df-0194-43d7-81d8-4024950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "17920",
"category": "Other",
"uuid": "5aab91df-70bc-46d4-96ff-4027950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "5aab91e0-81bc-4695-91d0-4e20950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.73155298765",
"category": "Other",
"uuid": "5aab91e0-4f9c-4cd7-a93b-465e950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab9268-8cb4-4684-9bcd-44e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:46:16.000Z",
"modified": "2018-03-16T09:46:16.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "1088dc879bfeec6d83d0499c798bb7d3",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab9268-c75c-4ae7-af0b-43ec950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8704",
"category": "Other",
"uuid": "5aab9268-ad30-423c-a8bb-4535950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "5aab9269-ba60-4efc-9d1d-41e3950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.66165724289",
"category": "Other",
"uuid": "5aab9269-ade4-430a-8976-4520950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab92c6-8684-42c3-8984-411c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:47:50.000Z",
"modified": "2018-03-16T09:47:50.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "4f595559a69e81208f8d5910b4ca9776",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab92c7-02e0-4c53-9d97-4f24950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "3072",
"category": "Other",
"uuid": "5aab92c7-3244-4439-b15f-4940950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "5aab92c7-ebc4-4062-b471-4698950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.46079202491",
"category": "Other",
"uuid": "5aab92c8-5c90-455d-b61c-4b3b950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab92f3-a7f8-4912-a0ce-4c01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:48:35.000Z",
"modified": "2018-03-16T09:48:35.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "6986a9d74f2935b3df5dd1165ebcfbf2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab92f4-b7dc-46b0-a383-42ef950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "49664",
"category": "Other",
"uuid": "5aab92f4-320c-4dac-8b0c-4db7950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "5aab92f4-e0d4-4335-b537-4da6950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "4.29254828795",
"category": "Other",
"uuid": "5aab92f5-0c28-4b74-ad27-4457950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aab9379-a5d0-4403-8e3c-4ec0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T09:50:49.000Z",
"modified": "2018-03-16T09:50:49.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "64f6f513a48c98c5a6b16a2f266978dd",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aab937a-0464-45fd-9e00-4922950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "7168",
"category": "Other",
"uuid": "5aab937a-0964-4807-8d79-472b950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".reloc",
"category": "Other",
"uuid": "5aab937a-4134-4d91-a752-461d950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.85633135524",
"category": "Other",
"uuid": "5aab937b-8fdc-4bde-a0ca-4e9e950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aabe1e5-11e8-44c8-a00f-6dc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:25:25.000Z",
"modified": "2018-03-16T15:25:25.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "548c2646e6894ca25a6566b05f9dff43",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aabe1e6-cad8-45c4-a318-6dc8950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "1024",
"category": "Other",
"uuid": "5aabe1e6-eccc-4c19-8ea6-6dc8950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": "(header)",
"category": "Other",
"uuid": "5aabe1e6-ec70-4305-8708-6dc8950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "2.44211621906",
"category": "Other",
"uuid": "5aabe1e7-6e70-4ebc-be39-6dc8950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aabe215-add8-476f-86ee-c0c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:26:37.000Z",
"modified": "2018-03-16T15:26:37.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "b6822df1b8a74e6089d1e3dd94bd54e5",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aabe216-6cc4-4ed3-8cfd-c0c7950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "149504",
"category": "Other",
"uuid": "5aabe216-15c4-4acc-9063-c0c7950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".text",
"category": "Other",
"uuid": "5aabe216-4550-496f-8a89-c0c7950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.56822413656",
"category": "Other",
"uuid": "5aabe217-4f90-44e0-b7bf-c0c7950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aabe27a-e1ac-45f6-bf89-edc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:27:54.000Z",
"modified": "2018-03-16T15:27:54.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "10c63e2e8fe35a2cbe6ae6814f7756a6",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aabe27a-5264-4698-964e-edc1950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "34304",
"category": "Other",
"uuid": "5aabe27a-1e30-466b-9e0a-edc1950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".rdata",
"category": "Other",
"uuid": "5aabe27b-28d4-4f93-9a04-edc1950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "5.31647891314",
"category": "Other",
"uuid": "5aabe27b-c834-495b-a8bf-edc1950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aabe29d-7114-4661-8dc7-eda9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:28:29.000Z",
"modified": "2018-03-16T15:28:29.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "f9850349e6edfb121b1aa80be256e852",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aabe29d-c0f8-4d72-a43e-eda9950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "8192",
"category": "Other",
"uuid": "5aabe29d-5458-486c-8b61-eda9950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".data",
"category": "Other",
"uuid": "5aabe29e-9088-4474-9aea-eda9950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "1.50045151734",
"category": "Other",
"uuid": "5aabe29e-8138-4bb0-bdd8-eda9950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aabe2be-9a78-4ad8-ae9c-38bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-16T15:29:02.000Z",
"modified": "2018-03-16T15:29:02.000Z",
"labels": [
"misp:name=\"pe-section\"",
"misp:meta-category=\"file\""
],
"x_misp_attributes": [
{
"type": "md5",
"object_relation": "md5",
"value": "0dd8e6e638e604ae0e8f26627a45aef2",
"category": "Payload delivery",
"to_ids": true,
"uuid": "5aabe2bf-2cd4-4fba-a437-38bc950d210f"
},
{
"type": "size-in-bytes",
"object_relation": "size-in-bytes",
"value": "182784",
"category": "Other",
"uuid": "5aabe2bf-08a0-4653-b2e5-38bc950d210f"
},
{
"type": "text",
"object_relation": "name",
"value": ".rsrc",
"category": "Other",
"uuid": "5aabe2c0-8470-484d-9d58-38bc950d210f"
},
{
"type": "float",
"object_relation": "entropy",
"value": "6.5918396837",
"category": "Other",
"uuid": "5aabe2c0-1db0-4007-89ee-38bc950d210f"
}
],
"x_misp_meta_category": "file",
"x_misp_name": "pe-section"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3320cc47-a8d0-4efb-b3d2-4cb6c5247617",
"created": "2018-03-16T09:52:40.000Z",
"modified": "2018-03-16T09:52:40.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7c2b-3394-4760-97a3-4343950d210f",
"target_ref": "indicator--5aab8036-0898-4514-87cb-4dec950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aecfff8f-9a11-4712-ae00-bda086f7452e",
"created": "2018-03-16T10:44:11.000Z",
"modified": "2018-03-16T10:44:11.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7cc4-3de4-4beb-937b-460e950d210f",
"target_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3717b79c-5889-4104-b6cd-860b916429ee",
"created": "2018-03-16T10:57:12.000Z",
"modified": "2018-03-16T10:57:12.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7d70-a138-4131-9843-466d950d210f",
"target_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--544d5b69-e045-4b8c-bc39-9f2c58a0c2ea",
"created": "2018-03-16T11:43:01.000Z",
"modified": "2018-03-16T11:43:01.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7d70-a138-4131-9843-466d950d210f",
"target_ref": "indicator--5aab8035-5834-4055-9ecd-4604950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a0fb44e7-057e-4f81-b4d2-7e760104d80e",
"created": "2018-03-16T11:43:09.000Z",
"modified": "2018-03-16T11:43:09.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7d70-a138-4131-9843-466d950d210f",
"target_ref": "indicator--5aab8036-1c10-4eb6-a9c5-4ed2950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bbdfe547-c244-4915-b8b3-7c91b3afceb5",
"created": "2018-03-16T12:12:52.000Z",
"modified": "2018-03-16T12:12:52.000Z",
"relationship_type": "Characterized_By",
"source_ref": "indicator--5aab7d70-a138-4131-9843-466d950d210f",
"target_ref": "observed-data--5aabb437-d698-4ee1-911a-38bc950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8e7d0d52-1924-4f25-9adf-ad1be0f556b9",
"created": "2018-03-16T15:16:45.000Z",
"modified": "2018-03-16T15:16:45.000Z",
"relationship_type": "included-in",
"source_ref": "indicator--5aab7e3e-425c-4c16-850e-4251950d210f",
"target_ref": "indicator--5aab7c75-a4b8-4062-ba32-47ea950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9affc325-d70f-4a5b-825f-9a56a1268b8c",
"created": "2018-03-16T15:17:15.000Z",
"modified": "2018-03-16T15:17:15.000Z",
"relationship_type": "resolved-to",
"source_ref": "indicator--5aab7e3e-425c-4c16-850e-4251950d210f",
"target_ref": "indicator--5aab7e5b-5de0-4266-90c3-4131950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b82f1947-8904-479b-9ae0-dc7e08bbb5f8",
"created": "2018-03-19T07:25:06.000Z",
"modified": "2018-03-19T07:25:06.000Z",
"relationship_type": "included-in",
"source_ref": "indicator--5aab7e5b-5de0-4266-90c3-4131950d210f",
"target_ref": "indicator--5aab7c75-a4b8-4062-ba32-47ea950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e6f47723-24ca-4cc1-9719-3084115f4d96",
"created": "2018-03-19T07:26:25.000Z",
"modified": "2018-03-19T07:26:25.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7e5b-5de0-4266-90c3-4131950d210f",
"target_ref": "indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3ed63f32-6db7-407e-aaac-b5e5a5a10d35",
"created": "2018-03-19T07:27:07.000Z",
"modified": "2018-03-19T07:27:07.000Z",
"relationship_type": "resolved-to",
"source_ref": "indicator--5aab7e5b-5de0-4266-90c3-4131950d210f",
"target_ref": "indicator--5aab7e3e-425c-4c16-850e-4251950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f70562b1-778a-4f2f-8d32-dd65cbb65b40",
"created": "2018-03-16T11:09:14.000Z",
"modified": "2018-03-16T11:09:14.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8032-2648-489a-b335-4a84950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f77cbb8b-8bb7-4f9b-9b8f-faf0fa817dc9",
"created": "2018-03-16T11:09:23.000Z",
"modified": "2018-03-16T11:09:23.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8033-dce8-4863-a177-44a5950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--572952c0-b963-4328-98a4-62aa6bf9ca38",
"created": "2018-03-16T11:09:28.000Z",
"modified": "2018-03-16T11:09:28.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8033-99c0-44a2-ad2e-4965950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b8d56d1c-35fd-4441-aa4f-073f3b6b3d1b",
"created": "2018-03-16T11:09:33.000Z",
"modified": "2018-03-16T11:09:33.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8034-c1e0-406f-914b-4829950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bd16590e-5e24-4bc8-9cff-e1a161e2b8d1",
"created": "2018-03-16T11:09:39.000Z",
"modified": "2018-03-16T11:09:39.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8034-2124-459a-9f15-41e3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--73176cdb-9ab5-456c-9807-71a7ecfb9679",
"created": "2018-03-16T11:12:33.000Z",
"modified": "2018-03-16T11:12:33.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8034-583c-4daf-afdf-4ce4950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f6aae0cb-e0b9-4713-8c5d-86f4d718dd8f",
"created": "2018-03-16T11:12:40.000Z",
"modified": "2018-03-16T11:12:40.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8035-5834-4055-9ecd-4604950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--05d33806-6ec7-4c6d-b331-d971af093c78",
"created": "2018-03-16T11:12:45.000Z",
"modified": "2018-03-16T11:12:45.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8035-0e5c-4488-bdfd-4eed950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2be40a15-dd63-4118-9298-f4e85392d5e2",
"created": "2018-03-16T11:12:50.000Z",
"modified": "2018-03-16T11:12:50.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8036-1270-45b5-8a8a-4b09950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--62a34b7c-1ea8-4063-bde1-ae9ab7f117f3",
"created": "2018-03-16T11:08:28.000Z",
"modified": "2018-03-16T11:08:28.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8032-2648-489a-b335-4a84950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--63e580c9-140f-4e02-b7dc-4c57818df84a",
"created": "2018-03-16T11:08:35.000Z",
"modified": "2018-03-16T11:08:35.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8033-dce8-4863-a177-44a5950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fac0a7bf-bf78-4685-8b61-7e1ff9a01815",
"created": "2018-03-16T11:08:48.000Z",
"modified": "2018-03-16T11:08:48.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8033-99c0-44a2-ad2e-4965950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--027e9e08-27b7-4480-bfca-91165650d1fa",
"created": "2018-03-16T11:08:57.000Z",
"modified": "2018-03-16T11:08:57.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8034-c1e0-406f-914b-4829950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--80792e3d-ed41-49ee-afea-7e2b9ff68703",
"created": "2018-03-16T11:09:08.000Z",
"modified": "2018-03-16T11:09:08.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8034-2124-459a-9f15-41e3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fcab7f7e-6dd0-4d17-bd19-ed78fb48cf05",
"created": "2018-03-16T11:11:59.000Z",
"modified": "2018-03-16T11:11:59.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8034-583c-4daf-afdf-4ce4950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eacf6f5f-f002-483d-9ce9-a0299a0d2aa3",
"created": "2018-03-16T11:12:08.000Z",
"modified": "2018-03-16T11:12:08.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8035-0e5c-4488-bdfd-4eed950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2ec97fb3-5ea3-48d5-9053-6a290d55de91",
"created": "2018-03-16T11:12:18.000Z",
"modified": "2018-03-16T11:12:18.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8035-5834-4055-9ecd-4604950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8e8cfc5f-d0ee-45a3-9765-823e92a75995",
"created": "2018-03-16T11:12:26.000Z",
"modified": "2018-03-16T11:12:26.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "indicator--5aab8036-1270-45b5-8a8a-4b09950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4584a40b-3342-407a-96e1-942fcf493919",
"created": "2018-03-19T21:10:38.000Z",
"modified": "2018-03-19T21:10:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "x-misp-object--a5cf7d41-3fd8-4f9e-8efa-17f99229ab80"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d1560ed9-6eee-428c-b020-fd0cb7d2a56c",
"created": "2018-03-20T18:51:07.000Z",
"modified": "2018-03-20T18:51:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aab7ece-54c4-4627-b9f3-4eee950d210f",
"target_ref": "x-misp-object--da511a48-fb7c-48e9-af7b-87959d26df32"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--aa40b1e8-d9d7-4fbb-ba93-b92fc071d8d2",
"created": "2018-03-16T11:01:00.000Z",
"modified": "2018-03-16T11:01:00.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7efd-30a0-467e-b13e-448f950d210f",
"target_ref": "indicator--5aab8032-4d74-4135-881e-4dd3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a7c508f9-8a4e-448c-b76a-a35ca966f186",
"created": "2018-03-16T11:01:05.000Z",
"modified": "2018-03-16T11:01:05.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7efd-30a0-467e-b13e-448f950d210f",
"target_ref": "indicator--5aab8032-65bc-4a14-bd0d-4706950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--797d5d14-21f8-45bc-9fd8-598819f71da9",
"created": "2018-03-16T11:00:46.000Z",
"modified": "2018-03-16T11:00:46.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7efd-30a0-467e-b13e-448f950d210f",
"target_ref": "indicator--5aab8032-4d74-4135-881e-4dd3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--440cbee9-12c3-4e9d-a708-acd49740dd04",
"created": "2018-03-16T11:00:54.000Z",
"modified": "2018-03-16T11:00:54.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7efd-30a0-467e-b13e-448f950d210f",
"target_ref": "indicator--5aab8032-65bc-4a14-bd0d-4706950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--193fc0f5-3030-499e-b8d6-46832254c253",
"created": "2018-03-16T10:37:38.000Z",
"modified": "2018-03-16T10:37:38.000Z",
"relationship_type": "derived-from",
"source_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"target_ref": "indicator--5aab7cc4-3de4-4beb-937b-460e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0ecaa41d-26d4-4927-a932-17e3140217e4",
"created": "2018-03-16T10:37:07.000Z",
"modified": "2018-03-16T10:37:07.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"target_ref": "indicator--5aab7cc4-3de4-4beb-937b-460e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f770f880-28c0-4e4d-9dc9-2f7bcf36311f",
"created": "2018-03-16T10:37:25.000Z",
"modified": "2018-03-16T10:37:25.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"target_ref": "indicator--5aab7d70-a138-4131-9843-466d950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2e21006c-5f14-4b2b-9fe7-ec98258616f2",
"created": "2018-03-16T10:37:43.000Z",
"modified": "2018-03-16T10:37:43.000Z",
"relationship_type": "derived-from",
"source_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"target_ref": "indicator--5aab7cc4-3de4-4beb-937b-460e950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--36aedde6-660f-4319-affa-69f3f93c19fe",
"created": "2018-03-19T21:10:38.000Z",
"modified": "2018-03-19T21:10:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"target_ref": "x-misp-object--68aa5eb6-0404-4285-b4b9-3f6bd1ac804c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c9d0fb17-1102-4f2b-9dc1-2b3709d29714",
"created": "2018-03-20T18:51:07.000Z",
"modified": "2018-03-20T18:51:07.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aab7f0e-d540-40a3-b119-4cf3950d210f",
"target_ref": "x-misp-object--a377dd67-a104-4cf0-a517-c6a7aa915ec7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--91ce199e-bb3f-4ee7-ad47-1f8cc8384745",
"created": "2018-03-16T15:29:58.000Z",
"modified": "2018-03-16T15:29:58.000Z",
"relationship_type": "included-in",
"source_ref": "indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"target_ref": "indicator--5aab7c75-a4b8-4062-ba32-47ea950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fb3cbb87-5270-4b65-81a0-2425a7a2598e",
"created": "2018-03-16T15:30:50.000Z",
"modified": "2018-03-16T15:30:50.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"target_ref": "indicator--5aab7e5b-5de0-4266-90c3-4131950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6d5fce30-b01b-4486-8ea9-797150145319",
"created": "2018-03-19T21:10:38.000Z",
"modified": "2018-03-19T21:10:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"target_ref": "x-misp-object--db67a0ca-ab6e-4d10-ba16-96b2c18ef120"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b5d7e92c-2abd-4f12-aa8d-4d4a95688429",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aab7f21-1d04-4b67-97ad-4e8b950d210f",
"target_ref": "x-misp-object--43871de9-0fbb-4042-979d-c05a03f7591b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3c2e75c4-ff8e-4827-94b5-8a651047c620",
"created": "2018-03-16T09:05:42.000Z",
"modified": "2018-03-16T09:05:42.000Z",
"relationship_type": "derived-from",
"source_ref": "indicator--5aab7f33-5c08-4572-9b7e-4961950d210f",
"target_ref": "indicator--5aab8032-4d74-4135-881e-4dd3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7779d01b-8db6-4c8d-9c08-757a56dea184",
"created": "2018-03-16T11:04:27.000Z",
"modified": "2018-03-16T11:04:27.000Z",
"relationship_type": "related-to",
"source_ref": "indicator--5aab7f33-5c08-4572-9b7e-4961950d210f",
"target_ref": "indicator--5aab8032-4d74-4135-881e-4dd3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1afb1681-1f93-448f-915d-e35225e957b8",
"created": "2018-03-16T11:04:21.000Z",
"modified": "2018-03-16T11:04:21.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aab7f33-5c08-4572-9b7e-4961950d210f",
"target_ref": "indicator--5aab8032-4d74-4135-881e-4dd3950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--40cc07ab-4647-44a8-8be7-ef01cbed307d",
"created": "2018-03-16T19:58:46.000Z",
"modified": "2018-03-16T19:58:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b9b261fe-ac0d-4eaa-bc84-91ee824ca271",
"target_ref": "x-misp-object--52fdb810-ffc9-4914-a550-f04c633a6914"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--983707d2-1d24-46e0-a206-9a8265196a88",
"created": "2018-03-16T19:58:46.000Z",
"modified": "2018-03-16T19:58:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d603127a-dca4-4067-9982-fbf3c37e55b2",
"target_ref": "x-misp-object--7970257f-14eb-43dc-bd7f-5cab16a9baf3"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--786826dc-d4a1-4dd3-af05-95d721d2febc",
"created": "2018-03-16T19:58:46.000Z",
"modified": "2018-03-16T19:58:46.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bf47e63b-3eb3-4434-ae79-81368e8f4084",
"target_ref": "x-misp-object--9ff8d207-0de1-4965-836f-b1226b92c8f6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b4a2e6e6-e3e7-4da9-a8be-e2cddb7929d0",
"created": "2018-03-19T10:41:34.000Z",
"modified": "2018-03-19T10:41:34.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf6f7d-5698-489d-9b33-4c5c950d210f",
"target_ref": "indicator--5aab8036-1c10-4eb6-a9c5-4ed2950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--5e62ee25-c319-4a02-9392-ba874da07e3c",
"created": "2018-03-19T09:31:38.000Z",
"modified": "2018-03-19T09:31:38.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf6fb7-2d4c-48f6-a5a6-4936950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--53936b4a-c0b3-409f-9208-543c015b52ac",
"created": "2018-03-19T10:12:57.000Z",
"modified": "2018-03-19T10:12:57.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf6fc9-3500-45cd-8315-42e1950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0a2e9b63-13eb-4098-af3a-63e997c8d3b4",
"created": "2018-03-19T10:39:16.000Z",
"modified": "2018-03-19T10:39:16.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf6fdc-d6d0-4c8d-aec4-485d950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f7d300fa-7865-4303-8978-3afa5cd9c1be",
"created": "2018-03-19T09:44:51.000Z",
"modified": "2018-03-19T09:44:51.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf6ff0-8384-42d9-a402-4107950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f8120248-4093-4f17-b467-cb8eda5c6bee",
"created": "2018-03-19T10:35:39.000Z",
"modified": "2018-03-19T10:35:39.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf7025-6398-4599-869d-4abb950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--81d70ae3-e4b3-477e-bef0-cee43fa2c984",
"created": "2018-03-19T10:37:53.000Z",
"modified": "2018-03-19T10:37:53.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf7035-27fc-4569-ba36-4e69950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d10a9a66-31c3-4221-bcf1-cb7b3fce0157",
"created": "2018-03-19T09:05:34.000Z",
"modified": "2018-03-19T09:05:34.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf7051-9700-436b-8bec-4598950d210f",
"target_ref": "indicator--5aaf7073-dc2c-4e31-82a8-4a41950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3e036413-f8d9-4b1f-b92f-50ccd9a9da33",
"created": "2018-03-19T11:14:39.000Z",
"modified": "2018-03-19T11:14:39.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf9a4a-3250-4b88-bbe1-4834950d210f",
"target_ref": "indicator--5aab8032-65bc-4a14-bd0d-4706950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9afa0b3b-cb8a-4410-ab42-72089b5258dd",
"created": "2018-03-19T11:22:14.000Z",
"modified": "2018-03-19T11:22:14.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"target_ref": "indicator--5aaf9cab-e298-487c-9dda-4755950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6f2b5833-3ab6-459e-925a-26030b41eb23",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aaf9c9e-bd24-4ade-b019-45ab950d210f",
"target_ref": "x-misp-object--fa75388a-9fbe-4682-82db-1a02068aac41"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0fae3d0a-77cf-4737-bb58-c5f1e4acc739",
"created": "2018-03-19T21:10:38.000Z",
"modified": "2018-03-19T21:10:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafcfda-50d0-446b-8591-4212950d210f",
"target_ref": "x-misp-object--a8098016-54d1-4580-9c9c-0f774f7e5e71"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ab9e96f6-b20e-46a7-aad3-f18ed945e299",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafcfda-50d0-446b-8591-4212950d210f",
"target_ref": "x-misp-object--31025798-921f-4e1f-94ad-160e77001592"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4e110927-1c13-4906-80ba-c7471eaad1da",
"created": "2018-03-19T21:10:38.000Z",
"modified": "2018-03-19T21:10:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd016-ae84-45c4-b14f-43a6950d210f",
"target_ref": "x-misp-object--a466a89c-d8ef-4782-8897-f0b39085bf55"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a1ae2d46-3f2d-45a7-a94d-5a85ba6f4ebe",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd016-ae84-45c4-b14f-43a6950d210f",
"target_ref": "x-misp-object--dbf7cd6d-1439-4c5c-990a-cd5af23dea49"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--94dbdfcd-dea9-4031-b9ee-f8230c47114c",
"created": "2018-03-19T21:10:38.000Z",
"modified": "2018-03-19T21:10:38.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd060-eb10-4e15-84cf-40ca950d210f",
"target_ref": "x-misp-object--c90cf7a2-c522-4055-a791-65fe451876bc"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c9f77d08-1b3b-4b16-9545-118414234485",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd060-eb10-4e15-84cf-40ca950d210f",
"target_ref": "x-misp-object--eed7ce27-e8b2-4d01-bf3b-8540ba85e2c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bbc75a36-1796-4670-8694-c95042eb9ac9",
"created": "2018-03-19T21:10:39.000Z",
"modified": "2018-03-19T21:10:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd146-b384-4965-9fd3-46a9950d210f",
"target_ref": "x-misp-object--4e6ace53-c11b-490e-85cd-9b18d139fd3b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--ba119a89-50c0-4eca-b1fe-ded72cd4b4e2",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd146-b384-4965-9fd3-46a9950d210f",
"target_ref": "x-misp-object--cced1e71-a4a2-4b3f-9dba-4e0d6f790640"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--dca951c4-9306-4ca3-ad13-f1fae9a6cf9b",
"created": "2018-03-19T21:10:39.000Z",
"modified": "2018-03-19T21:10:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"target_ref": "x-misp-object--174f8d3f-dc51-4988-bcf3-ca5b2afea2b9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--7bf09607-898b-4746-b1bd-c8d218d21e62",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5aafd2b1-0b34-4136-9ee8-4e7b950d210f",
"target_ref": "x-misp-object--c4f3b65c-59cf-439d-845e-e1e147898568"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f374b129-f5c7-4c9b-8170-96e0c36b7775",
"created": "2018-03-19T21:10:39.000Z",
"modified": "2018-03-19T21:10:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ee89f074-993e-4d98-ab7e-bf03843107c1",
"target_ref": "x-misp-object--60e4dfd5-2356-436c-b272-ed04a971d8a9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--402296f7-41ed-43bc-a4ab-4f6530490ab2",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ee89f074-993e-4d98-ab7e-bf03843107c1",
"target_ref": "x-misp-object--e5412ec5-9117-48af-ad6a-302b656170d5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6e46da2d-42a5-4ce3-9bca-92515d206bd3",
"created": "2018-03-19T21:10:39.000Z",
"modified": "2018-03-19T21:10:39.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f813c138-e77b-46f1-96dd-e7379a6aeb0a",
"target_ref": "x-misp-object--d80c3aaa-a450-4349-9cc8-59ff3e6e8334"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eb2c2d08-60bb-4037-87a7-97608d8ebc2d",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--817e8e7e-d4e7-4d2b-8f02-03c20544d73a",
"target_ref": "x-misp-object--f11d0914-a6a8-43e8-b34b-e9b56d9ccda5"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fab2732c-116f-4455-bd0e-2ec17b5a88c9",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ed4e8187-7d82-43a5-ae76-c7457f3a3858",
"target_ref": "x-misp-object--2a950e9f-1c9e-4125-bf95-c935bf9096b6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--8208cc5c-d913-4e9d-8bf5-94ba85f71a67",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--91368a58-21e1-420a-9d26-97e0385d5748",
"target_ref": "x-misp-object--62b12042-f234-4857-9d1b-721399c22094"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6339191e-1779-4486-ae19-0f72f3d36ee3",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--dc3dc085-889d-438e-b1a2-d37315215674",
"target_ref": "x-misp-object--7716d649-a1a1-46f5-b491-ed742857eb80"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bbcc595a-e548-41d3-b89f-e0f1fbdab8fa",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--15fc0f64-5c84-4c0c-972e-d7cfbc940bb5",
"target_ref": "x-misp-object--2a28b918-0b88-4f5f-9084-202f5324905b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e7fe9af0-88bd-4ba6-af6f-922b46f74687",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--36581bf5-7984-4225-9f75-b9ae6c3a895d",
"target_ref": "x-misp-object--78564b68-ca38-4f83-8610-0780016cc9c6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c2f41b4-ff6b-41fd-9d42-a38af937e5f9",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--26df7c7f-c892-4128-a50f-3dfacc30e475",
"target_ref": "x-misp-object--c526bab4-b450-4b9b-a857-d625ca2b9df4"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fa74ffd3-1ee0-4968-b9a6-2f545fc97108",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e96ec051-cdad-45ba-b7ed-278e1fbf1c0d",
"target_ref": "x-misp-object--9ae0d6cc-6be6-4cf7-ae00-bf9836bc7347"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--465b2a67-44a8-4f06-b7b5-4e6e143f86ca",
"created": "2018-03-20T18:51:08.000Z",
"modified": "2018-03-20T18:51:08.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--eb510916-5440-457d-8b5a-2e67dbd8f5c8",
"target_ref": "x-misp-object--b3c5a480-22df-4ca6-a89d-67ab89e1ef8e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c10437db-cf95-4684-8250-362689e9f3a8",
"created": "2018-03-20T18:51:09.000Z",
"modified": "2018-03-20T18:51:09.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--769ce047-ff32-42fa-aca3-aa3f3cd47615",
"target_ref": "x-misp-object--38489708-7681-4bf1-b940-d0497914665d"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}