2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5742ea44-5ff4-4634-99c9-4b32950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-13T03:00:22.000Z" ,
"modified" : "2018-01-13T03:00:22.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5742ea44-5ff4-4634-99c9-4b32950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-13T03:00:22.000Z" ,
"modified" : "2018-01-13T03:00:22.000Z" ,
"name" : "OSINT - Operation Ke3chang Resurfaces With New TidePool Malware" ,
"published" : "2018-02-16T08:49:19Z" ,
"object_refs" : [
"observed-data--5742ea80-3774-4bab-bcd8-4e5d950d210f" ,
"url--5742ea80-3774-4bab-bcd8-4e5d950d210f" ,
"x-misp-attribute--5742ea8c-70f4-42b1-8703-4f17950d210f" ,
"vulnerability--5742eaa5-cfec-4091-aaea-4f08950d210f" ,
"observed-data--5742eac0-8830-4aa2-bd48-4aac950d210f" ,
"file--5742eac0-8830-4aa2-bd48-4aac950d210f" ,
"indicator--5742ecbb-498c-480b-88ba-47f3950d210f" ,
"indicator--5742ecd7-1e84-4225-b43b-4e9a950d210f" ,
"indicator--5742ecd7-794c-4a74-9aa4-45b6950d210f" ,
"indicator--5742ecd7-0b4c-477d-b70d-4795950d210f" ,
"indicator--5742ece8-e8dc-40e1-99db-4251950d210f" ,
"indicator--5742ecf9-31f0-4440-92ce-4d63950d210f" ,
"indicator--5742ecf9-67a8-426a-a268-4549950d210f" ,
"indicator--5742ed69-d374-40b6-8f10-48ff950d210f" ,
"indicator--5742ed6a-5da4-4e7b-948e-4fd9950d210f" ,
"indicator--5742ed6a-5254-4448-b588-4908950d210f" ,
"indicator--5742edc0-5d9c-41a9-9a47-41d1950d210f" ,
"indicator--5742eddf-627c-4ff7-9423-4efd950d210f" ,
"indicator--5742ee7d-d4dc-43df-b653-4408950d210f" ,
"indicator--5742eeb4-4b48-4312-9290-4c47950d210f" ,
"indicator--5742eeb4-6690-48fc-b6d1-4a7d950d210f" ,
"indicator--5742eeb4-f0cc-48f9-b670-4a21950d210f" ,
"indicator--d36aca31-f8d7-4ac8-bf33-30fd88480de8" ,
"x-misp-object--4c3e5932-e6a1-4554-9610-4cc1725c0b76" ,
"indicator--29317953-8a0f-4c20-9835-6cf7c4bdab52" ,
"x-misp-object--abfa1b03-38a3-4cf7-9d5d-9bf1948898f4" ,
"indicator--33819efb-eb82-4a95-b1bf-1f78fe34b6fa" ,
"x-misp-object--72f41d65-1c52-4c37-a1d6-e5d684df9bd8" ,
"indicator--f1715b9e-1213-45d0-b05e-89b657a557a9" ,
"x-misp-object--670070b9-6439-402d-b6ea-1224c3b9fea8" ,
"indicator--38b19130-caab-4039-85c5-064242831cd4" ,
"x-misp-object--b7768dd0-8628-45a0-a1c0-30ff2c345300" ,
"indicator--1acad919-6ce1-465a-9c60-a3ac588a180d" ,
"x-misp-object--7cdf00e3-c53f-40b4-b7cd-514c78f9c864" ,
"indicator--64cf2807-9421-4a99-bcdd-e82af40c7346" ,
"x-misp-object--0b830feb-b802-42b3-9c13-f90d67dc3095" ,
"indicator--96db58ab-0377-4a31-871b-c96f4652500e" ,
"x-misp-object--ea777cda-e274-445b-9504-912fdaf5ec18" ,
"indicator--ab660ec7-d756-4009-91c7-ef5ac5f7afcf" ,
"x-misp-object--c4c4e9f6-4680-4789-b6a4-ec623a695c71" ,
"indicator--faaab687-1aa7-4f25-aab1-e4c6800a80ab" ,
"x-misp-object--b2e9a6ec-2c61-459b-9c48-a6d5b09d7fd6" ,
"indicator--8ec4d47a-540f-4bbb-bac4-083f4f481aab" ,
"x-misp-object--3cd6bcdd-bbcf-45e1-9950-90c48d7756db" ,
"indicator--29618e84-7d70-49ea-8c5e-d888d51f24ab" ,
"x-misp-object--88f47bd4-e874-45e1-9c95-941a7cb0f52f" ,
"indicator--0756b913-74c9-432d-819b-a421d08d375d" ,
"x-misp-object--ecd39cdd-ca7c-48fd-b0e5-ad1d6abbce67" ,
"indicator--2404272c-a873-48c4-bc1f-2af5dde7d96e" ,
"x-misp-object--6a5caeb6-3bcf-454d-85ea-96e9e13142d9" ,
"indicator--1bed7c4f-08df-4dce-8a44-b45a17fac214" ,
"x-misp-object--2cc94589-3349-4fad-b8a0-f90063b03212" ,
2023-12-14 14:30:15 +00:00
"relationship--b582a5d0-4580-4c19-9147-ebc95581bf34" ,
"relationship--ab06d6bf-16db-45fa-98af-0290e7cedef8" ,
"relationship--ca5ca6e7-460b-45ec-b2df-a7f0fa218967" ,
"relationship--22d665f3-ad99-4690-9f43-d5ec63aa4cd2" ,
"relationship--392912d2-d1df-453e-a272-86d6b0175c33" ,
"relationship--2bdbf810-ca69-40d4-a3f4-c1ed8512ab1d" ,
"relationship--fef36d72-317b-4e78-b765-59afdf3a8899" ,
"relationship--c83c98f2-05f0-4966-8722-1f91ee02f77c" ,
"relationship--d4bf757e-4fb1-4aa8-9779-fc0730e21f76" ,
"relationship--fcea8eb2-1ebd-45dc-8bde-b85f645a107a" ,
"relationship--05d70ad3-ae05-46d7-9981-dd81385d7b4b" ,
"relationship--355f22d9-d2d2-4932-8fe5-73746ab92733" ,
"relationship--e0030221-71e9-4ffe-91ee-64dd636c92f0" ,
"relationship--a568abee-d8e6-4ccc-af4f-d9032497a4a5" ,
"relationship--58ad8271-9019-4340-8e3f-9f9b4b890b87"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT"
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5742ea80-3774-4bab-bcd8-4e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:28.000Z" ,
"modified" : "2018-01-12T09:48:28.000Z" ,
"first_observed" : "2018-01-12T09:48:28Z" ,
"last_observed" : "2018-01-12T09:48:28Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5742ea80-3774-4bab-bcd8-4e5d950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5742ea80-3774-4bab-bcd8-4e5d950d210f" ,
"value" : "http://researchcenter.paloaltonetworks.com/2016/05/operation-ke3chang-resurfaces-with-new-tidepool-malware/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5742ea8c-70f4-42b1-8703-4f17950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We\u00e2\u20ac\u2122ve discovered a new malware family we\u00e2\u20ac\u2122ve named TidePool. It has strong behavioral ties to Ke3chang and is being used in an ongoing attack campaign against Indian embassy personnel worldwide. This targeting is also consistent with previous attacker TTPs; Ke3chang historically targeted the Ministry of Affairs, and also conducted several prior campaigns against India.\r\nThough we don\u00e2\u20ac\u2122t have comprehensive targeting information, the spear phishing emails we found targeted several Indian embassies in different countries. One decoy references an annual report filed by over 30 Indian embassies across the globe. The sender addresses of the phishing emails spoof real people with ties to Indian embassies, adding legitimacy to the emails to prompt the recipients to open the attached file. Also noteworthy, the actors are exploiting a relatively new vulnerability in their attacks with TidePool, which is detailed below.\r\nIn this report we will highlight the reuse of the code responsible for a variety of registry changes and command and control traffic over time as the Ke3chang actor has evolved their codebase to TidePool since the 2013 report."
} ,
{
"type" : "vulnerability" ,
"spec_version" : "2.1" ,
"id" : "vulnerability--5742eaa5-cfec-4091-aaea-4f08950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"name" : "CVE-2015-2545" ,
"labels" : [
"misp:type=\"vulnerability\"" ,
"misp:category=\"Payload delivery\""
] ,
"external_references" : [
{
"source_name" : "cve" ,
"external_id" : "CVE-2015-2545"
}
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5742eac0-8830-4aa2-bd48-4aac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"first_observed" : "2018-01-12T09:48:29Z" ,
"last_observed" : "2018-01-12T09:48:29Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5742eac0-8830-4aa2-bd48-4aac950d210f"
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5742eac0-8830-4aa2-bd48-4aac950d210f" ,
"name" : "%USERPROFILE%\\IEHelper\\mshtml.dll"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ecbb-498c-480b-88ba-47f3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"description" : "TidePool" ,
"pattern" : "[domain-name:value = 'goback.strangled.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ecd7-1e84-4225-b43b-4e9a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:43:19.000Z" ,
"modified" : "2016-05-23T11:43:19.000Z" ,
"description" : "TidePool DLL" ,
"pattern" : "[file:hashes.SHA256 = '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:43:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ecd7-794c-4a74-9aa4-45b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:43:19.000Z" ,
"modified" : "2016-05-23T11:43:19.000Z" ,
"description" : "TidePool DLL" ,
"pattern" : "[file:hashes.SHA256 = '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:43:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ecd7-0b4c-477d-b70d-4795950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:43:19.000Z" ,
"modified" : "2016-05-23T11:43:19.000Z" ,
"description" : "TidePool DLL" ,
"pattern" : "[file:hashes.SHA256 = '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:43:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ece8-e8dc-40e1-99db-4251950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:43:36.000Z" ,
"modified" : "2016-05-23T11:43:36.000Z" ,
"description" : "TidePool Dropper" ,
"pattern" : "[file:hashes.SHA256 = '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:43:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ecf9-31f0-4440-92ce-4d63950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:43:53.000Z" ,
"modified" : "2016-05-23T11:43:53.000Z" ,
"description" : "Weaponized document attachment" ,
"pattern" : "[file:hashes.SHA256 = '785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:43:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ecf9-67a8-426a-a268-4549950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:43:53.000Z" ,
"modified" : "2016-05-23T11:43:53.000Z" ,
"description" : "Weaponized document attachment" ,
"pattern" : "[file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:43:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ed69-d374-40b6-8f10-48ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:45:45.000Z" ,
"modified" : "2016-05-23T11:45:45.000Z" ,
"description" : "Phishing email" ,
"pattern" : "[file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:45:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ed6a-5da4-4e7b-948e-4fd9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:45:46.000Z" ,
"modified" : "2016-05-23T11:45:46.000Z" ,
"description" : "Phishing email" ,
"pattern" : "[file:hashes.SHA256 = '1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ed6a-5254-4448-b588-4908950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:45:46.000Z" ,
"modified" : "2016-05-23T11:45:46.000Z" ,
"description" : "Phishing email" ,
"pattern" : "[file:hashes.SHA256 = 'de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:45:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742edc0-5d9c-41a9-9a47-41d1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:47:12.000Z" ,
"modified" : "2016-05-23T11:47:12.000Z" ,
"description" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"pattern" : "[file:hashes.SHA256 = '71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:47:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742eddf-627c-4ff7-9423-4efd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:47:43.000Z" ,
"modified" : "2016-05-23T11:47:43.000Z" ,
"description" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"pattern" : "[file:hashes.SHA256 = '39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:47:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742ee7d-d4dc-43df-b653-4408950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:50:21.000Z" ,
"modified" : "2016-05-23T11:50:21.000Z" ,
"description" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012" ,
"pattern" : "[file:hashes.SHA256 = '25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:50:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742eeb4-4b48-4312-9290-4c47950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:51:16.000Z" ,
"modified" : "2016-05-23T11:51:16.000Z" ,
"description" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"pattern" : "[file:hashes.SHA256 = '12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:51:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742eeb4-6690-48fc-b6d1-4a7d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:51:16.000Z" ,
"modified" : "2016-05-23T11:51:16.000Z" ,
"description" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"pattern" : "[file:hashes.SHA256 = 'a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:51:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5742eeb4-f0cc-48f9-b670-4a21950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-05-23T11:51:16.000Z" ,
"modified" : "2016-05-23T11:51:16.000Z" ,
"description" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012" ,
"pattern" : "[file:hashes.SHA256 = 'c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-05-23T11:51:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d36aca31-f8d7-4ac8-bf33-30fd88480de8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:32.000Z" ,
"modified" : "2018-01-12T09:48:32.000Z" ,
"pattern" : "[file:hashes.MD5 = '5ee64f9e44cddaa7ed11d752a149484d' AND file:hashes.SHA1 = '8e633f9ddb7902c1945f04203ed09e30838e1e74' AND file:hashes.SHA256 = '71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4c3e5932-e6a1-4554-9610-4cc1725c0b76" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093/analysis/1464602237/" ,
"category" : "External analysis" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"uuid" : "5a58846d-41c0-45db-940a-4c7302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/57" ,
"category" : "Other" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"uuid" : "5a58846d-595c-43da-80b0-496902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-05-30T09:57:17" ,
"category" : "Other" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"uuid" : "5a58846d-05a0-469d-b6f7-40f502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--29317953-8a0f-4c20-9835-6cf7c4bdab52" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:32.000Z" ,
"modified" : "2018-01-12T09:48:32.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aebf03ceaef042a833ee5459016f5bde' AND file:hashes.SHA1 = '31b92f816c9f3f45aeb435d47b654cd02c07a633' AND file:hashes.SHA256 = '785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--abfa1b03-38a3-4cf7-9d5d-9bf1948898f4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db/analysis/1505182043/" ,
"category" : "External analysis" ,
"comment" : "Weaponized document attachment" ,
"uuid" : "5a58846d-eb44-4ec5-9e87-4c8e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/58" ,
"category" : "Other" ,
"comment" : "Weaponized document attachment" ,
"uuid" : "5a58846d-0504-4231-b21f-4ac402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-09-12T02:07:23" ,
"category" : "Other" ,
"comment" : "Weaponized document attachment" ,
"uuid" : "5a58846d-a1cc-4a40-a5cf-4a6002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--33819efb-eb82-4a95-b1bf-1f78fe34b6fa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:32.000Z" ,
"modified" : "2018-01-12T09:48:32.000Z" ,
"pattern" : "[file:hashes.MD5 = '026936afbbbdd9034f0a24b4032bd2f8' AND file:hashes.SHA1 = '4ec47f819c72a4618ef6426839709d9a2e060919' AND file:hashes.SHA256 = '39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--72f41d65-1c52-4c37-a1d6-e5d684df9bd8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:29.000Z" ,
"modified" : "2018-01-12T09:48:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297/analysis/1501706637/" ,
"category" : "External analysis" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"uuid" : "5a58846e-358c-4ff5-8734-494902de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/65" ,
"category" : "Other" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"uuid" : "5a58846e-7b70-413d-9396-4f1202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-08-02T20:43:57" ,
"category" : "Other" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012 (BS2005)" ,
"uuid" : "5a58846e-445c-427f-bb00-45cf02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--f1715b9e-1213-45d0-b05e-89b657a557a9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:33.000Z" ,
"modified" : "2018-01-12T09:48:33.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c591263d56b57dfadd06a68dd9657343' AND file:hashes.SHA1 = '8c248daec675cb873a9ee850336e871dd4642c5b' AND file:hashes.SHA256 = 'eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--670070b9-6439-402d-b6ea-1224c3b9fea8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:30.000Z" ,
"modified" : "2018-01-12T09:48:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc/analysis/1464690554/" ,
"category" : "External analysis" ,
"comment" : "Weaponized document attachment" ,
"uuid" : "5a58846e-51bc-42f7-9846-4fa902de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/56" ,
"category" : "Other" ,
"comment" : "Weaponized document attachment" ,
"uuid" : "5a58846e-a788-4d48-9cfe-411b02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-05-31T10:29:14" ,
"category" : "Other" ,
"comment" : "Weaponized document attachment" ,
"uuid" : "5a58846e-7f4c-43ae-aa0a-4da402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--38b19130-caab-4039-85c5-064242831cd4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:33.000Z" ,
"modified" : "2018-01-12T09:48:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '98f58f61f4510be9c531feb5f000172f' AND file:hashes.SHA1 = '24cf8ab0b6999ab88c234b16c211e9c296131dbd' AND file:hashes.SHA256 = '12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b7768dd0-8628-45a0-a1c0-30ff2c345300" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:30.000Z" ,
"modified" : "2018-01-12T09:48:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88/analysis/1480255582/" ,
"category" : "External analysis" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"uuid" : "5a58846e-b074-40aa-a94e-4ffb02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/56" ,
"category" : "Other" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"uuid" : "5a58846e-cafc-4abd-948f-4cc502de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-11-27T14:06:22" ,
"category" : "Other" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"uuid" : "5a58846e-4330-4878-b3c4-4aa502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1acad919-6ce1-465a-9c60-a3ac588a180d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:33.000Z" ,
"modified" : "2018-01-12T09:48:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '8ad9cb6b948bcf7f9211887e0cf6f02a' AND file:hashes.SHA1 = '0246a237b281162059b84f1bc013d90bbb4104f7' AND file:hashes.SHA256 = '38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7cdf00e3-c53f-40b4-b7cd-514c78f9c864" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:30.000Z" ,
"modified" : "2018-01-12T09:48:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f/analysis/1513864598/" ,
"category" : "External analysis" ,
"comment" : "TidePool Dropper" ,
"uuid" : "5a58846e-aed0-459e-b461-422402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/68" ,
"category" : "Other" ,
"comment" : "TidePool Dropper" ,
"uuid" : "5a58846e-31ec-46e9-9a74-4c8b02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T13:56:38" ,
"category" : "Other" ,
"comment" : "TidePool Dropper" ,
"uuid" : "5a58846e-d154-44e8-bfb4-48f602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--64cf2807-9421-4a99-bcdd-e82af40c7346" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:33.000Z" ,
"modified" : "2018-01-12T09:48:33.000Z" ,
"pattern" : "[file:hashes.MD5 = '9469dd12136b6514d82c3b01d6082f59' AND file:hashes.SHA1 = '47a963e7588e9af060dfac62b94076f270d4008e' AND file:hashes.SHA256 = '2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0b830feb-b802-42b3-9c13-f90d67dc3095" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:30.000Z" ,
"modified" : "2018-01-12T09:48:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18/analysis/1512091554/" ,
"category" : "External analysis" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a58846e-b3b4-44c8-8ba9-462402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/67" ,
"category" : "Other" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a58846e-1ab8-41e1-a712-4e3702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-01T01:25:54" ,
"category" : "Other" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a58846f-1e7c-4eed-b934-4db002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--96db58ab-0377-4a31-871b-c96f4652500e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:34.000Z" ,
"modified" : "2018-01-12T09:48:34.000Z" ,
"pattern" : "[file:hashes.MD5 = '1aefd1c30d1710f901c70be7f1366cae' AND file:hashes.SHA1 = '6793228ee3b6bd1a4bc91f17460b89d12d347fc9' AND file:hashes.SHA256 = '1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ea777cda-e274-445b-9504-912fdaf5ec18" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:31.000Z" ,
"modified" : "2018-01-12T09:48:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51/analysis/1474270852/" ,
"category" : "External analysis" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-8bb8-4de7-82fd-450e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/55" ,
"category" : "Other" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-9d80-48cd-8e1f-42fd02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-09-19T07:40:52" ,
"category" : "Other" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-eca0-41fa-88c7-463502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ab660ec7-d756-4009-91c7-ef5ac5f7afcf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:34.000Z" ,
"modified" : "2018-01-12T09:48:34.000Z" ,
"pattern" : "[file:hashes.MD5 = '3ed40dec891fd48c7ec6fa49b1058d24' AND file:hashes.SHA1 = '0e2c603e23219598dc3432d94df6dfae147cceab' AND file:hashes.SHA256 = 'de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c4c4e9f6-4680-4789-b6a4-ec623a695c71" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:31.000Z" ,
"modified" : "2018-01-12T09:48:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649/analysis/1464236275/" ,
"category" : "External analysis" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-cddc-4ff7-9b1d-421302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/56" ,
"category" : "Other" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-b4b4-42f1-8f52-4a1502de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-05-26T04:17:55" ,
"category" : "Other" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-582c-4af6-b645-436b02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--faaab687-1aa7-4f25-aab1-e4c6800a80ab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:34.000Z" ,
"modified" : "2018-01-12T09:48:34.000Z" ,
"pattern" : "[file:hashes.MD5 = '8c7cf7baaf20fe9bec63eb8928afdb41' AND file:hashes.SHA1 = '614ccb872e8feeab608a69d79c91bfeeb360ca9d' AND file:hashes.SHA256 = 'a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b2e9a6ec-2c61-459b-9c48-a6d5b09d7fd6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:31.000Z" ,
"modified" : "2018-01-12T09:48:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076/analysis/1502697388/" ,
"category" : "External analysis" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"uuid" : "5a58846f-1d68-41fa-a7b5-490b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "44/64" ,
"category" : "Other" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"uuid" : "5a58846f-ce24-4e5d-9c03-47b402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-08-14T07:56:28" ,
"category" : "Other" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012 - BS2005" ,
"uuid" : "5a58846f-9260-43c4-adae-4c1702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8ec4d47a-540f-4bbb-bac4-083f4f481aab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:34.000Z" ,
"modified" : "2018-01-12T09:48:34.000Z" ,
"pattern" : "[file:hashes.MD5 = 'aae962611da956a26a76d185455f1d44' AND file:hashes.SHA1 = '8bed9000c2f6347e683beadb1a5d4dedaccbd21f' AND file:hashes.SHA256 = '4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3cd6bcdd-bbcf-45e1-9950-90c48d7756db" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:31.000Z" ,
"modified" : "2018-01-12T09:48:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5/analysis/1474272871/" ,
"category" : "External analysis" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-7198-409e-929f-429e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/55" ,
"category" : "Other" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-8398-4582-8767-42cc02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-09-19T08:14:31" ,
"category" : "Other" ,
"comment" : "Phishing email" ,
"uuid" : "5a58846f-6240-47e0-98b2-4ceb02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--29618e84-7d70-49ea-8c5e-d888d51f24ab" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:34.000Z" ,
"modified" : "2018-01-12T09:48:34.000Z" ,
"pattern" : "[file:hashes.MD5 = '6bd64b291f2855bbdb011a0af1fab2fc' AND file:hashes.SHA1 = 'a8fa7f331329bb6b0018b5663961f50f60372dfc' AND file:hashes.SHA256 = 'c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--88f47bd4-e874-45e1-9c95-941a7cb0f52f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:31.000Z" ,
"modified" : "2018-01-12T09:48:31.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1/analysis/1477459761/" ,
"category" : "External analysis" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012" ,
"uuid" : "5a58846f-fdb4-4ae5-ae96-481202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/56" ,
"category" : "Other" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012" ,
"uuid" : "5a588470-026c-4325-bca5-415202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-10-26T05:29:21" ,
"category" : "Other" ,
"comment" : "Group 2: 6/1/2012 \u00e2\u20ac\u201c 7/10/2012" ,
"uuid" : "5a588470-5850-4dc3-bc6a-453d02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0756b913-74c9-432d-819b-a421d08d375d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:35.000Z" ,
"modified" : "2018-01-12T09:48:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'be0cc8411c066eac246097045b73c282' AND file:hashes.SHA1 = '1a14cfdf652bcd1df572e47ed261abe453a41399' AND file:hashes.SHA256 = '9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ecd39cdd-ca7c-48fd-b0e5-ad1d6abbce67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:32.000Z" ,
"modified" : "2018-01-12T09:48:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba/analysis/1512091725/" ,
"category" : "External analysis" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a588470-c0e4-4c3b-8361-437102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/67" ,
"category" : "Other" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a588470-29dc-4540-804f-48f002de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-01T01:28:45" ,
"category" : "Other" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a588470-c608-4829-a0d1-477202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2404272c-a873-48c4-bc1f-2af5dde7d96e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:35.000Z" ,
"modified" : "2018-01-12T09:48:35.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bae673964e9bc2a45ebcc667895104ef' AND file:hashes.SHA1 = 'f1f895aa6bdb7369525abfb86b4475241e9dbfbb' AND file:hashes.SHA256 = '67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6a5caeb6-3bcf-454d-85ea-96e9e13142d9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:32.000Z" ,
"modified" : "2018-01-12T09:48:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed/analysis/1512091712/" ,
"category" : "External analysis" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a588470-d520-4bdf-a8cd-4b5002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "49/66" ,
"category" : "Other" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a588470-5f84-413e-992a-4b8202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-01T01:28:32" ,
"category" : "Other" ,
"comment" : "TidePool DLL" ,
"uuid" : "5a588470-eaf8-4911-8673-4ac302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1bed7c4f-08df-4dce-8a44-b45a17fac214" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:35.000Z" ,
"modified" : "2018-01-12T09:48:35.000Z" ,
"pattern" : "[file:hashes.MD5 = '50611814ad2a843a8f998c57786abad7' AND file:hashes.SHA1 = '1178ddd92e0121e2ede7e1091661a324d31f0de0' AND file:hashes.SHA256 = '25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-12T09:48:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2cc94589-3349-4fad-b8a0-f90063b03212" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-12T09:48:32.000Z" ,
"modified" : "2018-01-12T09:48:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27/analysis/1464323932/" ,
"category" : "External analysis" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012" ,
"uuid" : "5a588471-14f8-4028-b391-41de02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/57" ,
"category" : "Other" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012" ,
"uuid" : "5a588471-59e0-419e-854d-43bf02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-05-27T04:38:52" ,
"category" : "Other" ,
"comment" : "Group 1: 3/1/2012 \u00e2\u20ac\u201c 3/22/2012" ,
"uuid" : "5a588471-c3b4-4b8c-8e72-40e002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--b582a5d0-4580-4c19-9147-ebc95581bf34" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:18.000Z" ,
"modified" : "2018-02-16T08:49:18.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d36aca31-f8d7-4ac8-bf33-30fd88480de8" ,
"target_ref" : "x-misp-object--4c3e5932-e6a1-4554-9610-4cc1725c0b76"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--ab06d6bf-16db-45fa-98af-0290e7cedef8" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:18.000Z" ,
"modified" : "2018-02-16T08:49:18.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--29317953-8a0f-4c20-9835-6cf7c4bdab52" ,
"target_ref" : "x-misp-object--abfa1b03-38a3-4cf7-9d5d-9bf1948898f4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--ca5ca6e7-460b-45ec-b2df-a7f0fa218967" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:18.000Z" ,
"modified" : "2018-02-16T08:49:18.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--33819efb-eb82-4a95-b1bf-1f78fe34b6fa" ,
"target_ref" : "x-misp-object--72f41d65-1c52-4c37-a1d6-e5d684df9bd8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--22d665f3-ad99-4690-9f43-d5ec63aa4cd2" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:18.000Z" ,
"modified" : "2018-02-16T08:49:18.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--f1715b9e-1213-45d0-b05e-89b657a557a9" ,
"target_ref" : "x-misp-object--670070b9-6439-402d-b6ea-1224c3b9fea8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--392912d2-d1df-453e-a272-86d6b0175c33" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:18.000Z" ,
"modified" : "2018-02-16T08:49:18.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--38b19130-caab-4039-85c5-064242831cd4" ,
"target_ref" : "x-misp-object--b7768dd0-8628-45a0-a1c0-30ff2c345300"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--2bdbf810-ca69-40d4-a3f4-c1ed8512ab1d" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1acad919-6ce1-465a-9c60-a3ac588a180d" ,
"target_ref" : "x-misp-object--7cdf00e3-c53f-40b4-b7cd-514c78f9c864"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--fef36d72-317b-4e78-b765-59afdf3a8899" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--64cf2807-9421-4a99-bcdd-e82af40c7346" ,
"target_ref" : "x-misp-object--0b830feb-b802-42b3-9c13-f90d67dc3095"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--c83c98f2-05f0-4966-8722-1f91ee02f77c" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--96db58ab-0377-4a31-871b-c96f4652500e" ,
"target_ref" : "x-misp-object--ea777cda-e274-445b-9504-912fdaf5ec18"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--d4bf757e-4fb1-4aa8-9779-fc0730e21f76" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--ab660ec7-d756-4009-91c7-ef5ac5f7afcf" ,
"target_ref" : "x-misp-object--c4c4e9f6-4680-4789-b6a4-ec623a695c71"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--fcea8eb2-1ebd-45dc-8bde-b85f645a107a" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--faaab687-1aa7-4f25-aab1-e4c6800a80ab" ,
"target_ref" : "x-misp-object--b2e9a6ec-2c61-459b-9c48-a6d5b09d7fd6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--05d70ad3-ae05-46d7-9981-dd81385d7b4b" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8ec4d47a-540f-4bbb-bac4-083f4f481aab" ,
"target_ref" : "x-misp-object--3cd6bcdd-bbcf-45e1-9950-90c48d7756db"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--355f22d9-d2d2-4932-8fe5-73746ab92733" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--29618e84-7d70-49ea-8c5e-d888d51f24ab" ,
"target_ref" : "x-misp-object--88f47bd4-e874-45e1-9c95-941a7cb0f52f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--e0030221-71e9-4ffe-91ee-64dd636c92f0" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0756b913-74c9-432d-819b-a421d08d375d" ,
"target_ref" : "x-misp-object--ecd39cdd-ca7c-48fd-b0e5-ad1d6abbce67"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--a568abee-d8e6-4ccc-af4f-d9032497a4a5" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2404272c-a873-48c4-bc1f-2af5dde7d96e" ,
"target_ref" : "x-misp-object--6a5caeb6-3bcf-454d-85ea-96e9e13142d9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--58ad8271-9019-4340-8e3f-9f9b4b890b87" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-02-16T08:49:19.000Z" ,
"modified" : "2018-02-16T08:49:19.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1bed7c4f-08df-4dce-8a44-b45a17fac214" ,
"target_ref" : "x-misp-object--2cc94589-3349-4fad-b8a0-f90063b03212"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}