{
"type" : "bundle" ,
"id" : "bundle--5a9e8885-2290-43d4-99bb-4cb3950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-08T13:52:48.000Z" ,
"modified" : "2018-03-08T13:52:48.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a9e8885-2290-43d4-99bb-4cb3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-08T13:52:48.000Z" ,
"modified" : "2018-03-08T13:52:48.000Z" ,
"name" : "Malware \u201cTSCookie\u201d" ,
"published" : "2018-03-08T13:52:52Z" ,
"object_refs" : [
"observed-data--5a9e8895-38ec-41ba-a81c-44b4950d210f" ,
"url--5a9e8895-38ec-41ba-a81c-44b4950d210f" ,
"x-misp-attribute--5a9e8e1a-d450-44c2-b777-4ced950d210f" ,
"indicator--5a9e90c7-ef6c-4759-8056-43ac950d210f" ,
"indicator--5a9e90c8-a068-404a-95c5-4449950d210f" ,
"indicator--5a9e90c8-7b58-4e44-9c1e-490e950d210f" ,
"indicator--5a9e90c9-1c40-493a-a0c5-4aba950d210f" ,
"indicator--5a9e90c9-d88c-4a6b-bf40-47c1950d210f" ,
"indicator--5a9e90ca-d674-4629-a625-44e5950d210f" ,
"indicator--5a9e90cb-39ac-46ce-8179-4f56950d210f" ,
"indicator--5a9e90cb-563c-4243-bc6e-43fc950d210f" ,
"indicator--5a9e90cb-b174-403e-9ade-410e950d210f" ,
"indicator--5a9e90cc-2098-44d3-a908-4500950d210f" ,
"indicator--5a9e90cd-3534-4e4f-9c8e-4f2f950d210f" ,
"indicator--5a9e90cd-2a78-4840-8ca9-4c5f950d210f" ,
"indicator--5a9e90cd-78e0-40ae-8fac-49b0950d210f" ,
"indicator--5a9e90ce-ef24-4ef6-8398-4224950d210f" ,
"indicator--5a9e90ce-372c-4fc2-b16b-4bc7950d210f" ,
"indicator--5a9e90cf-0b10-4409-8a01-4a74950d210f" ,
"indicator--5a9e90cf-8edc-47db-b3ce-4133950d210f" ,
"indicator--5a9e90cf-9c6c-4485-a9fc-42c4950d210f" ,
"indicator--5a9e90d0-fff0-4f03-b913-4ed8950d210f" ,
"indicator--5a9e90d0-de70-4b60-a696-46fe950d210f" ,
"indicator--5a9e90d1-b800-4565-b6c1-4f11950d210f" ,
"indicator--5a9e90d1-ccec-4f91-b446-477c950d210f" ,
"indicator--5a9e9110-66b4-4296-bc51-55b6950d210f" ,
"indicator--5a9e9110-30bc-4b7f-9691-55b6950d210f" ,
"indicator--5a9e9111-93d4-48b2-8ac1-55b6950d210f" ,
"indicator--5a9e9111-20b4-4376-9ea1-55b6950d210f" ,
"indicator--5a9e9112-869c-47eb-b9f9-55b6950d210f" ,
"indicator--5a9e9112-e9dc-4402-aff2-55b6950d210f" ,
"indicator--5a9e9113-9f48-4117-b539-55b6950d210f" ,
"indicator--5a9e9113-62b4-4776-b57c-55b6950d210f" ,
"indicator--5a9e9113-0bcc-4250-87f2-55b6950d210f" ,
"indicator--5a9e9114-f588-4734-9e2d-55b6950d210f" ,
"indicator--5a9e9114-b914-4a16-b294-55b6950d210f" ,
"indicator--5a9e9115-64d8-401f-929b-55b6950d210f" ,
"indicator--5a9e9115-2408-4143-9ffc-55b6950d210f" ,
"indicator--5a9e9116-6104-47e8-b0c8-55b6950d210f" ,
"indicator--5a9e9116-9fb8-401c-adf3-55b6950d210f" ,
"indicator--5a9e9117-1cb8-4839-bafd-55b6950d210f" ,
"indicator--5a9e9117-7a70-4ab4-80eb-55b6950d210f" ,
"indicator--5a9e9117-e7f0-4c0f-82d3-55b6950d210f" ,
"indicator--5a9e9119-6aa4-40cd-b858-55b6950d210f" ,
"indicator--5a9e9119-0b44-437f-b0f4-55b6950d210f" ,
"indicator--5a9e911a-c0f8-4cff-a02a-55b6950d210f" ,
"indicator--5a9e911a-1458-4cbe-83be-55b6950d210f" ,
"indicator--5a9e911b-2684-4ed7-a887-55b6950d210f" ,
"indicator--5a9e911b-9914-406b-9009-55b6950d210f" ,
"indicator--5a9e911c-dc5c-4220-9f31-55b6950d210f" ,
"indicator--5a9e911c-9488-41c7-bcf0-55b6950d210f" ,
"indicator--5a9e911d-9b40-4299-a142-55b6950d210f" ,
"indicator--5a9e911d-4f64-4ac8-93ba-55b6950d210f" ,
"indicator--5a9e911d-ff74-4dd1-b1ac-55b6950d210f" ,
"indicator--4402d608-b363-4916-ba54-30959e6890fc" ,
"x-misp-object--78256e1f-0a28-49e0-bfda-af70c4adead1" ,
"indicator--2d88ca86-0874-436c-9e4b-2604837db69a" ,
"x-misp-object--797f034d-87f8-49b0-9e2a-310e7fe4c58b" ,
"indicator--3f5a42ce-8371-4465-bfed-c336ae0003d9" ,
"x-misp-object--32f8255d-4249-4e93-9843-e858724387ec" ,
"indicator--9916cd8b-7200-4bc9-8f29-6c89e83c029d" ,
"x-misp-object--ba5f68f7-1759-4d5f-a585-57971978154a" ,
"indicator--621c93ce-a15f-475c-bd9c-f0a2c5392422" ,
"x-misp-object--a639913d-e8d7-4320-a6a4-b2e29a828317" ,
"indicator--e43ff2d1-04eb-4e81-a78a-c43bdef5e095" ,
"x-misp-object--2b595ed2-fe4e-4804-9dbb-2598290e9956" ,
"indicator--8d204442-f8c7-4b2a-9884-70a9f9f899cf" ,
"x-misp-object--681a90c5-a2ba-433f-a93b-1520613dd75d" ,
"indicator--8a842ea1-d356-49dd-99b4-f47f9b575563" ,
"x-misp-object--f35218de-6d10-41e4-96a8-3dbeb7b22de5" ,
"indicator--25716f26-fcc8-42ae-aeae-c77a4888fbc6" ,
"x-misp-object--d96b1e48-4f58-4696-9a98-49ed44cdac9f" ,
"indicator--29d1ffdf-3772-44a5-b7c8-df4d06771fa9" ,
"x-misp-object--b96da205-17e7-4eb9-a984-ea2bd87809d8" ,
"indicator--1db6bd91-44d8-4f89-829f-8cb6b5db212a" ,
"x-misp-object--f1ac3050-0bd8-4a7a-8cfa-2080afcb1f66" ,
"indicator--a38e103b-a56d-4858-8488-8c9479a4331d" ,
"x-misp-object--db938fa0-64a1-4a36-813b-aa7f8b59fd61" ,
"indicator--77982af4-a238-4e51-a92d-a9e271694920" ,
"x-misp-object--52dd0d58-fe73-465e-a936-b20e24fee56c" ,
"indicator--33a3808e-af5d-4539-9c3b-3df320a56a3a" ,
"x-misp-object--7b891a38-71ed-4ee6-b826-e3fb43321a32" ,
"indicator--24c2101e-dbd2-4110-b7a0-9c7d27a6475a" ,
"x-misp-object--86912550-75fc-4676-93f0-1d260ded8156" ,
"indicator--e0a2f3da-2d01-429d-a2d0-fdd5261fdd56" ,
"x-misp-object--04590309-e5c6-4057-8f0b-19d0a3daae99" ,
"indicator--6f8ea264-b4a9-4c73-a996-75ac4ca9b418" ,
"x-misp-object--19b68e1f-fc3f-4dac-8aba-1f63f27d9fef" ,
"indicator--5e18fe15-a21c-40bd-b25f-9f5e89410a20" ,
"x-misp-object--ec86284c-3541-494f-aae4-66d72ccb9f61" ,
"indicator--4f7f4a20-8183-452b-b43d-5e56ae0703ee" ,
"x-misp-object--9b33f48e-da51-4027-9ba3-828e393d71d0" ,
"indicator--9c952bd8-be45-416a-8a4c-8cb1a3587b43" ,
"x-misp-object--54b5178b-08da-4117-a5c0-93e27f27cd89" ,
"indicator--86b54c18-f08b-4699-abd4-13467a486427" ,
"x-misp-object--9d152d94-b595-467c-856b-1d3d6875232f" ,
"indicator--01fac250-d6a8-4c3a-aa84-f6e03afeed0c" ,
"x-misp-object--9837ef09-06e8-4e9b-b16f-c5cda02cb39f" ,
"relationship--757ab3ab-408f-461d-9ebf-7bd0b4121891" ,
"relationship--c0fba675-7494-49a6-8ac8-8b43b3296bdd" ,
"relationship--5ddd5c28-b8ed-4a85-b263-e7bf1947359e" ,
"relationship--667be796-a680-47cd-86fb-96680633dac2" ,
"relationship--109f5993-c01d-4adc-863a-6a5a7662b11e" ,
"relationship--7cdd3896-7504-491a-ac29-43ef53c6ee16" ,
"relationship--b21e7fd4-c97f-4e1a-a040-bd950a2af406" ,
"relationship--7dd2e7d8-df75-457f-8519-44ad942f1c30" ,
"relationship--b10599b5-de7b-47f9-b78c-f61ea7822351" ,
"relationship--0082f4f4-a969-433f-9233-38f9f9265ee9" ,
"relationship--5f8bc041-3581-4e31-84d1-8fc8c23c2b40" ,
"relationship--32d1aa76-2981-4448-a070-5e4bb5d747e3" ,
"relationship--eb9809cf-6f4f-475f-9b64-2913893816d4" ,
"relationship--504c4205-a674-4b4f-9ded-7b04a57fe31b" ,
"relationship--9b2109ae-cc3d-4609-8d49-cc7305ca370b" ,
"relationship--fc2fcc79-11c5-49db-8c82-898d5c9504dc" ,
"relationship--1f01a3dd-6c0e-41ff-bfed-5c9d5584edb1" ,
"relationship--f01adb78-6ff2-4382-82c5-a2747a73bec7" ,
"relationship--8388c68a-909f-4e88-a8b3-4cfe0a76cd1e" ,
"relationship--604a7624-2043-4cfe-b9fb-874290697e85" ,
"relationship--9dbca8f7-b0d9-4679-8aa0-7308538f866f" ,
"relationship--8e09cee6-c923-4dc7-bc72-fa0eddb0aaf6"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\"" ,
"osint:source-type=\"blog-post\"" ,
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a9e8895-38ec-41ba-a81c-44b4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:52.000Z" ,
"modified" : "2018-03-06T21:34:52.000Z" ,
"first_observed" : "2018-03-06T21:34:52Z" ,
"last_observed" : "2018-03-06T21:34:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a9e8895-38ec-41ba-a81c-44b4950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a9e8895-38ec-41ba-a81c-44b4950d210f" ,
"value" : "http://blog.jpcert.or.jp/.s/2018/03/malware-tscooki-7aa0.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a9e8e1a-d450-44c2-b777-4ced950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:52.000Z" ,
"modified" : "2018-03-06T21:34:52.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Around 17 January 2018, there were some reports on the social media about malicious emails purporting to be from Ministry of Education, Culture, Sports, Science and Technology of Japan [1]. This email contains a URL leading to a malware called \u201cTSCookie\u201d. (Trend Micro calls it \u201cPLEAD\u201d malware [2]. Since PLEAD is also referred to as an attack campaign, we call this malware TSCookie in this article.) TSCookie has been observed in the wild since 2015, and it is suspected that an attacker group \u201cBlackTech\u201d is related to this campaign [3]. JPCERT/CC confirmed that adversaries using the malware had conducted targeted attacks against Japanese organisations in the past. This article presents findings from TSCookie analysis."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90c7-ef6c-4759-8056-43ac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:51.000Z" ,
"modified" : "2018-03-06T12:59:51.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '6d2f5675630d0dae65a796ac624fb90f42f35fbe5dec2ec8f4adce5ebfaabf75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90c8-a068-404a-95c5-4449950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:52.000Z" ,
"modified" : "2018-03-06T12:59:52.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = 'cdf0e4c415eb55bccb43a650e330348b63bc3cbb53f71a215c44ede939b4b830']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90c8-7b58-4e44-9c1e-490e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:52.000Z" ,
"modified" : "2018-03-06T12:59:52.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '17f1996ad7e602bd2a7e9524d7d70ee8588dac51469b08017df9aaaca09d8dd9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90c9-1c40-493a-a0c5-4aba950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:53.000Z" ,
"modified" : "2018-03-06T12:59:53.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '1fa7cbe57eedea0ebc8eb37b91e7536c07be7da7775a6c01e5b14489387b9ca8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90c9-d88c-4a6b-bf40-47c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:53.000Z" ,
"modified" : "2018-03-06T12:59:53.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = 'e451a1e05c0cc363a185a98819cd2af421ac87154702bf72007ecc0134c7f417']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90ca-d674-4629-a625-44e5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:54.000Z" ,
"modified" : "2018-03-06T12:59:54.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '1da9b4a84041b8c72dad9626db822486ce47b9a3ab6b36c41b0637cd1f6444d6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cb-39ac-46ce-8179-4f56950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:55.000Z" ,
"modified" : "2018-03-06T12:59:55.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '35f966187098ac42684361b2a93b0cee5e2762a0d1e13b8d366a18bccf4f5a91']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cb-563c-4243-bc6e-43fc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:55.000Z" ,
"modified" : "2018-03-06T12:59:55.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '0683437aebd980c395a83e837a6056df1a21e137e875f234d1ed9f9a91dfdc7f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cb-b174-403e-9ade-410e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:55.000Z" ,
"modified" : "2018-03-06T12:59:55.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '0debbcc297cb8f9b81c8c217e748122243562357297b63749c3847af3b7fd646']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cc-2098-44d3-a908-4500950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:56.000Z" ,
"modified" : "2018-03-06T12:59:56.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '96306202b0c4495cf93e805e9185ea6f2626650d6132a98a8f097f8c6a424a33']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cd-3534-4e4f-9c8e-4f2f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:57.000Z" ,
"modified" : "2018-03-06T12:59:57.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '6b66c6d8859dfe06c0415be4df2bd836561d5a6eabce98ddd2ee54e89e37fd44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cd-2a78-4840-8ca9-4c5f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:57.000Z" ,
"modified" : "2018-03-06T12:59:57.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '06a9c71342eeb14b7e8871f77524e8acc7b86670411b854fa7f6f57c918ffd2b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cd-78e0-40ae-8fac-49b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:57.000Z" ,
"modified" : "2018-03-06T12:59:57.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '20f7f367f9cb8beca7ce1ba980fafa870863245f27fea48b971859a8cb47eb09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90ce-ef24-4ef6-8398-4224950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:58.000Z" ,
"modified" : "2018-03-06T12:59:58.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = 'f16befd79b7f8ffdaf934ef337a91a5f1dc6da54c4b2bee5fe7a0eb38e8af39e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90ce-372c-4fc2-b16b-4bc7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:58.000Z" ,
"modified" : "2018-03-06T12:59:58.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '12b0f1337bda78f8a7963d2744668854d81e1f1b64790b74d486281bc54e6647']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cf-0b10-4409-8a01-4a74950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:59.000Z" ,
"modified" : "2018-03-06T12:59:59.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '201bf3cd2a723d6c728d18a9e41ff038549eac8406f453c5197a1a7b45998673']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cf-8edc-47db-b3ce-4133950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:59.000Z" ,
"modified" : "2018-03-06T12:59:59.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '5443ee54a532846da3182630e2bb031f54825025700bcd5f0e34802e7345c7b2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90cf-9c6c-4485-a9fc-42c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T12:59:59.000Z" ,
"modified" : "2018-03-06T12:59:59.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '39d7d764405b9c613dff6da4909d9bc46620beee7a7913c4666acf9e76a171e4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T12:59:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90d0-fff0-4f03-b913-4ed8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T13:00:00.000Z" ,
"modified" : "2018-03-06T13:00:00.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = 'afe780ba2af6c86babf2d0270156da61f556c493259d4ca54c67665c17b02023']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T13:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90d0-de70-4b60-a696-46fe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T13:00:00.000Z" ,
"modified" : "2018-03-06T13:00:00.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '4a8237f9ecdad3b51ffd00d769e23f61f1e791f998d1959ad9b61d53ea306c09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T13:00:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90d1-b800-4565-b6c1-4f11950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T13:00:01.000Z" ,
"modified" : "2018-03-06T13:00:01.000Z" ,
"description" : "TSCookie" ,
"pattern" : "[file:hashes.SHA256 = '203c924cd274d052e8e95246d31bd168f3d8a0700a774c98eff882c8b8399a2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T13:00:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e90d1-ccec-4f91-b446-477c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T13:00:01.000Z" ,
"modified" : "2018-03-06T13:00:01.000Z" ,
"description" : "TSCookieRAT" ,
"pattern" : "[file:hashes.SHA256 = '2bd13d63797864a70b775bd1994016f5052dc8fd1fd83ce1c13234b5d304330d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T13:00:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9110-66b4-4296-bc51-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:53.000Z" ,
"modified" : "2018-03-06T21:34:53.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.130.216.76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9110-30bc-4b7f-9691-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:53.000Z" ,
"modified" : "2018-03-06T21:34:53.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '60.244.52.29']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9111-93d4-48b2-8ac1-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:53.000Z" ,
"modified" : "2018-03-06T21:34:53.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.102.145']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9111-20b4-4376-9ea1-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:54.000Z" ,
"modified" : "2018-03-06T21:34:54.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'jpcerts.jpcertinfo.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9112-869c-47eb-b9f9-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:54.000Z" ,
"modified" : "2018-03-06T21:34:54.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'jpcert.ignorelist.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9112-e9dc-4402-aff2-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:55.000Z" ,
"modified" : "2018-03-06T21:34:55.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'twnicsi.ignorelist.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9113-9f48-4117-b539-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:55.000Z" ,
"modified" : "2018-03-06T21:34:55.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'twcertcc.jumpingcrab.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9113-62b4-4776-b57c-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:55.000Z" ,
"modified" : "2018-03-06T21:34:55.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'okinawas.ssl443.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9113-0bcc-4250-87f2-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:56.000Z" ,
"modified" : "2018-03-06T21:34:56.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'apk36501.flnet.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9114-f588-4734-9e2d-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:56.000Z" ,
"modified" : "2018-03-06T21:34:56.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'appinfo.fairuse.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9114-b914-4a16-b294-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:57.000Z" ,
"modified" : "2018-03-06T21:34:57.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'carcolors.effers.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9115-64d8-401f-929b-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:57.000Z" ,
"modified" : "2018-03-06T21:34:57.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'edu.microsoftmse.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9115-2408-4143-9ffc-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:57.000Z" ,
"modified" : "2018-03-06T21:34:57.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'eoffice.etowns.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9116-6104-47e8-b0c8-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:58.000Z" ,
"modified" : "2018-03-06T21:34:58.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'epayplus.flnet.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9116-9fb8-401c-adf3-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:58.000Z" ,
"modified" : "2018-03-06T21:34:58.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'fatgirls.fatdiary.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9117-1cb8-4839-bafd-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:59.000Z" ,
"modified" : "2018-03-06T21:34:59.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'gethappy.effers.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9117-7a70-4ab4-80eb-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:34:59.000Z" ,
"modified" : "2018-03-06T21:34:59.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'iawntsilk.dnset.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:34:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9117-e7f0-4c0f-82d3-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:00.000Z" ,
"modified" : "2018-03-06T21:35:00.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'inewdays.csproject.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9119-6aa4-40cd-b858-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:00.000Z" ,
"modified" : "2018-03-06T21:35:00.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'ktyguxs.dnset.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e9119-0b44-437f-b0f4-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:00.000Z" ,
"modified" : "2018-03-06T21:35:00.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'lang.suroot.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911a-c0f8-4cff-a02a-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:01.000Z" ,
"modified" : "2018-03-06T21:35:01.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'langlang.dnset.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911a-1458-4cbe-83be-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:01.000Z" ,
"modified" : "2018-03-06T21:35:01.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'longdays.csproject.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911b-2684-4ed7-a887-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:02.000Z" ,
"modified" : "2018-03-06T21:35:02.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'lookatinfo.dnset.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911b-9914-406b-9009-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:02.000Z" ,
"modified" : "2018-03-06T21:35:02.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'newtowns.flnet.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911c-dc5c-4220-9f31-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:03.000Z" ,
"modified" : "2018-03-06T21:35:03.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'ntp.ukrootns1.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911c-9488-41c7-bcf0-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:03.000Z" ,
"modified" : "2018-03-06T21:35:03.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'office.dns04.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911d-9b40-4299-a142-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:03.000Z" ,
"modified" : "2018-03-06T21:35:03.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'savecars.dnset.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911d-4f64-4ac8-93ba-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:04.000Z" ,
"modified" : "2018-03-06T21:35:04.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'splashed.effers.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a9e911d-ff74-4dd1-b1ac-55b6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:04.000Z" ,
"modified" : "2018-03-06T21:35:04.000Z" ,
"description" : "Destination hosts associated with TSCookie" ,
"pattern" : "[domain-name:value = 'sslmaker.ssl443.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4402d608-b363-4916-ba54-30959e6890fc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:08.000Z" ,
"modified" : "2018-03-06T21:35:08.000Z" ,
"pattern" : "[file:hashes.MD5 = '28ded83e93dea7b119d78096a8e06161' AND file:hashes.SHA1 = '9d5a919bfd43d07667a63faf63e6728a3ec565e9' AND file:hashes.SHA256 = 'afe780ba2af6c86babf2d0270156da61f556c493259d4ca54c67665c17b02023']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--78256e1f-0a28-49e0-bfda-af70c4adead1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:06.000Z" ,
"modified" : "2018-03-06T21:35:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/afe780ba2af6c86babf2d0270156da61f556c493259d4ca54c67665c17b02023/analysis/1520362133/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098b-d23c-4383-b681-465702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/67" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098b-c208-44ea-977c-412302de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:48:53" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098b-8128-4367-bcc2-441802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--2d88ca86-0874-436c-9e4b-2604837db69a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:11.000Z" ,
"modified" : "2018-03-06T21:35:11.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd86df4f012398a9ea8742e62685415a1' AND file:hashes.SHA1 = 'f4a34fb98384ff961a7eaacd71318b43ec022992' AND file:hashes.SHA256 = '96306202b0c4495cf93e805e9185ea6f2626650d6132a98a8f097f8c6a424a33']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--797f034d-87f8-49b0-9e2a-310e7fe4c58b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:09.000Z" ,
"modified" : "2018-03-06T21:35:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/96306202b0c4495cf93e805e9185ea6f2626650d6132a98a8f097f8c6a424a33/analysis/1481789434/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098d-2df8-48eb-ac68-421602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "18/56" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098e-ea8c-4ed0-a0b2-44e602de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-12-15T08:10:34" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098e-692c-4c5f-a865-4e6b02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3f5a42ce-8371-4465-bfed-c336ae0003d9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:13.000Z" ,
"modified" : "2018-03-06T21:35:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '64841350aca9f0c347c29a46c839e7db' AND file:hashes.SHA1 = '2e2453ae1bdbbd954093779e040d5d27507f526b' AND file:hashes.SHA256 = '35f966187098ac42684361b2a93b0cee5e2762a0d1e13b8d366a18bccf4f5a91']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--32f8255d-4249-4e93-9843-e858724387ec" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:11.000Z" ,
"modified" : "2018-03-06T21:35:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/35f966187098ac42684361b2a93b0cee5e2762a0d1e13b8d366a18bccf4f5a91/analysis/1507058503/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f098f-5aac-4395-8e7c-4e7402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/65" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0990-b9fc-4c31-958e-480f02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-03T19:21:43" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0990-8a98-46c3-ac7f-47f402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9916cd8b-7200-4bc9-8f29-6c89e83c029d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:15.000Z" ,
"modified" : "2018-03-06T21:35:15.000Z" ,
"pattern" : "[file:hashes.MD5 = '1e0905f399e8c935eb08806037187f4b' AND file:hashes.SHA1 = '9c3fdf269b4e6f01faed70ff358e8a2923140722' AND file:hashes.SHA256 = '6b66c6d8859dfe06c0415be4df2bd836561d5a6eabce98ddd2ee54e89e37fd44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ba5f68f7-1759-4d5f-a585-57971978154a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:14.000Z" ,
"modified" : "2018-03-06T21:35:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6b66c6d8859dfe06c0415be4df2bd836561d5a6eabce98ddd2ee54e89e37fd44/analysis/1520362129/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0992-6a94-471b-a99e-400f02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/66" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0992-1148-494a-ba7e-426c02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:48:49" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0992-5a64-4573-945b-49d802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--621c93ce-a15f-475c-bd9c-f0a2c5392422" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:18.000Z" ,
"modified" : "2018-03-06T21:35:18.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f99fa1c64e4e7b17cb45c7727e38bfa1' AND file:hashes.SHA1 = '3e37ad081f5b041166b2e3f1632c54019e9f102f' AND file:hashes.SHA256 = '20f7f367f9cb8beca7ce1ba980fafa870863245f27fea48b971859a8cb47eb09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a639913d-e8d7-4320-a6a4-b2e29a828317" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:16.000Z" ,
"modified" : "2018-03-06T21:35:16.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/20f7f367f9cb8beca7ce1ba980fafa870863245f27fea48b971859a8cb47eb09/analysis/1498159435/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0994-c388-4d6a-8843-480b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/62" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0994-2c34-4ac3-ab63-4a4a02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-06-22T19:23:55" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0995-2a3c-4213-861e-465902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e43ff2d1-04eb-4e81-a78a-c43bdef5e095" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:20.000Z" ,
"modified" : "2018-03-06T21:35:20.000Z" ,
"pattern" : "[file:hashes.MD5 = '8a99dd73d756a7a82de5cf1f86394a8c' AND file:hashes.SHA1 = '07e81725263f2fbc0002b8ba4b68a86dd14a5fa2' AND file:hashes.SHA256 = '2bd13d63797864a70b775bd1994016f5052dc8fd1fd83ce1c13234b5d304330d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2b595ed2-fe4e-4804-9dbb-2598290e9956" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:18.000Z" ,
"modified" : "2018-03-06T21:35:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2bd13d63797864a70b775bd1994016f5052dc8fd1fd83ce1c13234b5d304330d/analysis/1520360770/" ,
"category" : "External analysis" ,
"comment" : "TSCookieRAT" ,
"uuid" : "5a9f0997-bb3c-48b1-baee-462b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/64" ,
"category" : "Other" ,
"comment" : "TSCookieRAT" ,
"uuid" : "5a9f0997-d33c-4c50-8e9d-487702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:26:10" ,
"category" : "Other" ,
"comment" : "TSCookieRAT" ,
"uuid" : "5a9f0997-7a2c-4614-9c3c-45af02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8d204442-f8c7-4b2a-9884-70a9f9f899cf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:23.000Z" ,
"modified" : "2018-03-06T21:35:23.000Z" ,
"pattern" : "[file:hashes.MD5 = '7f92dab9133fb818b807aefe6d09cc1c' AND file:hashes.SHA1 = 'b8e13908d04c9e538254595ea5889ba287da04e6' AND file:hashes.SHA256 = '39d7d764405b9c613dff6da4909d9bc46620beee7a7913c4666acf9e76a171e4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--681a90c5-a2ba-433f-a93b-1520613dd75d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:21.000Z" ,
"modified" : "2018-03-06T21:35:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/39d7d764405b9c613dff6da4909d9bc46620beee7a7913c4666acf9e76a171e4/analysis/1520362132/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f0999-6888-4317-a1e4-407602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/67" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099a-617c-4899-a80c-429c02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:48:52" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099a-5ac8-410b-b3af-410402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8a842ea1-d356-49dd-99b4-f47f9b575563" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:25.000Z" ,
"modified" : "2018-03-06T21:35:25.000Z" ,
"pattern" : "[file:hashes.MD5 = '9c1f66b9db71396f4e746c8dcdbad17e' AND file:hashes.SHA1 = '9deac7031408047293f409752337fe0d2a18b1db' AND file:hashes.SHA256 = '06a9c71342eeb14b7e8871f77524e8acc7b86670411b854fa7f6f57c918ffd2b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f35218de-6d10-41e4-96a8-3dbeb7b22de5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:24.000Z" ,
"modified" : "2018-03-06T21:35:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/06a9c71342eeb14b7e8871f77524e8acc7b86670411b854fa7f6f57c918ffd2b/analysis/1520335768/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099c-44ec-4f90-8f4d-40e102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/66" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099c-c540-45bd-85de-4f5702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T11:29:28" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099c-0b84-4ee7-b7df-46ef02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--25716f26-fcc8-42ae-aeae-c77a4888fbc6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:28.000Z" ,
"modified" : "2018-03-06T21:35:28.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e8b4a73a2f661df4b1970af81028cb03' AND file:hashes.SHA1 = '92d5a58258ecd219d36d066e379e4eeab19ae1eb' AND file:hashes.SHA256 = '0683437aebd980c395a83e837a6056df1a21e137e875f234d1ed9f9a91dfdc7f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d96b1e48-4f58-4696-9a98-49ed44cdac9f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:26.000Z" ,
"modified" : "2018-03-06T21:35:26.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0683437aebd980c395a83e837a6056df1a21e137e875f234d1ed9f9a91dfdc7f/analysis/1520362128/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099e-8d24-46f5-b61f-425e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/67" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099f-0b78-473b-bdc3-48d702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:48:48" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f099f-14fc-4207-b9b6-49c302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--29d1ffdf-3772-44a5-b7c8-df4d06771fa9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:30.000Z" ,
"modified" : "2018-03-06T21:35:30.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c6cd766b34472a34bc53093acf161540' AND file:hashes.SHA1 = 'a7718ce26da62a89d25e865fee26875d93844412' AND file:hashes.SHA256 = '1da9b4a84041b8c72dad9626db822486ce47b9a3ab6b36c41b0637cd1f6444d6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b96da205-17e7-4eb9-a984-ea2bd87809d8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:30.000Z" ,
"modified" : "2018-03-06T21:35:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1da9b4a84041b8c72dad9626db822486ce47b9a3ab6b36c41b0637cd1f6444d6/analysis/1516592885/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a2-8a10-4929-ab54-43bd02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/64" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a2-59f4-4e80-a733-465102de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-01-22T03:48:05" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a2-e22c-4700-8474-4cda02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1db6bd91-44d8-4f89-829f-8cb6b5db212a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:34.000Z" ,
"modified" : "2018-03-06T21:35:34.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ac7a5d7d094beeb0022ebd4123fe7814' AND file:hashes.SHA1 = 'ba26c6c7ab2cf92c10df3a13a5f9d1f96111a201' AND file:hashes.SHA256 = '5443ee54a532846da3182630e2bb031f54825025700bcd5f0e34802e7345c7b2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--f1ac3050-0bd8-4a7a-8cfa-2080afcb1f66" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:32.000Z" ,
"modified" : "2018-03-06T21:35:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5443ee54a532846da3182630e2bb031f54825025700bcd5f0e34802e7345c7b2/analysis/1510087341/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a4-4c58-46bc-bca2-4d3802de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/68" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a5-9b74-4caa-9800-470e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-07T20:42:21" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a5-4668-48d2-a8bc-4e0002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a38e103b-a56d-4858-8488-8c9479a4331d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:36.000Z" ,
"modified" : "2018-03-06T21:35:36.000Z" ,
"pattern" : "[file:hashes.MD5 = '1d6d1b6cd719f0346760b5be8fe4e236' AND file:hashes.SHA1 = 'a1304ba55b4d42e37d794baae325b727d4d381ec' AND file:hashes.SHA256 = 'cdf0e4c415eb55bccb43a650e330348b63bc3cbb53f71a215c44ede939b4b830']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--db938fa0-64a1-4a36-813b-aa7f8b59fd61" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:35.000Z" ,
"modified" : "2018-03-06T21:35:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cdf0e4c415eb55bccb43a650e330348b63bc3cbb53f71a215c44ede939b4b830/analysis/1520362125/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a7-8658-41e0-9b86-480b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/66" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a7-be1c-4a49-88fd-4dff02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:48:45" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a7-1150-41ca-b196-45e802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--77982af4-a238-4e51-a92d-a9e271694920" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:39.000Z" ,
"modified" : "2018-03-06T21:35:39.000Z" ,
"pattern" : "[file:hashes.MD5 = 'eb67c8be4b0cbbf073e7361d314d28d3' AND file:hashes.SHA1 = '8744e49f4d774e96b90caa84ef03f3bb47fffd47' AND file:hashes.SHA256 = '203c924cd274d052e8e95246d31bd168f3d8a0700a774c98eff882c8b8399a2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--52dd0d58-fe73-465e-a936-b20e24fee56c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:37.000Z" ,
"modified" : "2018-03-06T21:35:37.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/203c924cd274d052e8e95246d31bd168f3d8a0700a774c98eff882c8b8399a2f/analysis/1520359741/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09a9-4e20-4e98-a862-419302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/65" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09aa-3d20-41f7-b52a-4a6a02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:09:01" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09aa-3fa4-4bd0-8bac-419902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--33a3808e-af5d-4539-9c3b-3df320a56a3a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:41.000Z" ,
"modified" : "2018-03-06T21:35:41.000Z" ,
"pattern" : "[file:hashes.MD5 = '263fcd049ac2bfff425846e6c2cd6818' AND file:hashes.SHA1 = '955b746b8dbee47a4fb6f9a8248539ad5eab9c3c' AND file:hashes.SHA256 = '0debbcc297cb8f9b81c8c217e748122243562357297b63749c3847af3b7fd646']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7b891a38-71ed-4ee6-b826-e3fb43321a32" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:40.000Z" ,
"modified" : "2018-03-06T21:35:40.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/0debbcc297cb8f9b81c8c217e748122243562357297b63749c3847af3b7fd646/analysis/1490842588/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09ac-1e70-430c-80b6-403002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/60" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09ac-636c-42e1-b365-47c602de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-03-30T02:56:28" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09ac-b4f0-486c-8479-457702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--24c2101e-dbd2-4110-b7a0-9c7d27a6475a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:44.000Z" ,
"modified" : "2018-03-06T21:35:44.000Z" ,
"pattern" : "[file:hashes.MD5 = 'bbc5d571955bd8fc9f17bb85db44069a' AND file:hashes.SHA1 = '62a693f5e4f92ccb5a2821239efbe5bd792a46cd' AND file:hashes.SHA256 = 'e451a1e05c0cc363a185a98819cd2af421ac87154702bf72007ecc0134c7f417']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--86912550-75fc-4676-93f0-1d260ded8156" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:42.000Z" ,
"modified" : "2018-03-06T21:35:42.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e451a1e05c0cc363a185a98819cd2af421ac87154702bf72007ecc0134c7f417/analysis/1520360971/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09af-400c-426c-a6c2-406e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "13/66" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09af-c9d4-46bf-9a24-4a1902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:29:31" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09af-42fc-428c-83d9-42c802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e0a2f3da-2d01-429d-a2d0-fdd5261fdd56" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:46.000Z" ,
"modified" : "2018-03-06T21:35:46.000Z" ,
"pattern" : "[file:hashes.MD5 = '66a48063fefd7388017549045ce61dff' AND file:hashes.SHA1 = '429abbbdc4f0746b775858ac965827e4e5274884' AND file:hashes.SHA256 = '6d2f5675630d0dae65a796ac624fb90f42f35fbe5dec2ec8f4adce5ebfaabf75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--04590309-e5c6-4057-8f0b-19d0a3daae99" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:45.000Z" ,
"modified" : "2018-03-06T21:35:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6d2f5675630d0dae65a796ac624fb90f42f35fbe5dec2ec8f4adce5ebfaabf75/analysis/1518051176/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b1-622c-41c0-9107-4d5002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "44/68" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b1-ab88-4ddf-a203-44d002de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-08T00:52:56" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b1-19bc-4aa4-9048-401002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6f8ea264-b4a9-4c73-a996-75ac4ca9b418" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:49.000Z" ,
"modified" : "2018-03-06T21:35:49.000Z" ,
"pattern" : "[file:hashes.MD5 = '80954b330883569635f83f396f551093' AND file:hashes.SHA1 = 'ba589df6acc303ded7265779c2229b29de067994' AND file:hashes.SHA256 = '1fa7cbe57eedea0ebc8eb37b91e7536c07be7da7775a6c01e5b14489387b9ca8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--19b68e1f-fc3f-4dac-8aba-1f63f27d9fef" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:47.000Z" ,
"modified" : "2018-03-06T21:35:47.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1fa7cbe57eedea0ebc8eb37b91e7536c07be7da7775a6c01e5b14489387b9ca8/analysis/1498833607/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b3-c008-447c-92ab-407a02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/61" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b4-c174-4213-91a2-45cc02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-06-30T14:40:07" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b4-acf8-4cfa-9368-435b02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e18fe15-a21c-40bd-b25f-9f5e89410a20" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:51.000Z" ,
"modified" : "2018-03-06T21:35:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '6b120a47b2a198d45bae677dc6b4078e' AND file:hashes.SHA1 = '7047f44487a8ddb5349ca892da7d100ca5cb8e2e' AND file:hashes.SHA256 = '12b0f1337bda78f8a7963d2744668854d81e1f1b64790b74d486281bc54e6647']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ec86284c-3541-494f-aae4-66d72ccb9f61" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:50.000Z" ,
"modified" : "2018-03-06T21:35:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/12b0f1337bda78f8a7963d2744668854d81e1f1b64790b74d486281bc54e6647/analysis/1520362130/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b6-cb94-4266-add5-456e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/65" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b6-cd14-4668-bfd1-403702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:48:50" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b7-a2d4-446d-8f53-443302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4f7f4a20-8183-452b-b43d-5e56ae0703ee" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:54.000Z" ,
"modified" : "2018-03-06T21:35:54.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b050f044f26ed93ae573633934fd2135' AND file:hashes.SHA1 = '882ba94123daf56410c8863ed287b1e9bb366307' AND file:hashes.SHA256 = 'f16befd79b7f8ffdaf934ef337a91a5f1dc6da54c4b2bee5fe7a0eb38e8af39e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9b33f48e-da51-4027-9ba3-828e393d71d0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:52.000Z" ,
"modified" : "2018-03-06T21:35:52.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f16befd79b7f8ffdaf934ef337a91a5f1dc6da54c4b2bee5fe7a0eb38e8af39e/analysis/1498812788/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b8-0900-4098-9b98-4c5e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/61" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b9-5da4-4169-987b-414d02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-06-30T08:53:08" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09b9-9c1c-493b-9d3b-449202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9c952bd8-be45-416a-8a4c-8cb1a3587b43" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:56.000Z" ,
"modified" : "2018-03-06T21:35:56.000Z" ,
"pattern" : "[file:hashes.MD5 = '49243b0142ef1a604dad88a6ad98ec0a' AND file:hashes.SHA1 = 'd1289aa419f16a382af06aaf1c81fbf18f712483' AND file:hashes.SHA256 = '4a8237f9ecdad3b51ffd00d769e23f61f1e791f998d1959ad9b61d53ea306c09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--54b5178b-08da-4117-a5c0-93e27f27cd89" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:55.000Z" ,
"modified" : "2018-03-06T21:35:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4a8237f9ecdad3b51ffd00d769e23f61f1e791f998d1959ad9b61d53ea306c09/analysis/1477675906/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09bb-5098-45ea-8841-4f1202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/57" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09bb-d668-4914-aeea-4c8c02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2016-10-28T17:31:46" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09bb-84c0-4979-ac00-46f802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--86b54c18-f08b-4699-abd4-13467a486427" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:59.000Z" ,
"modified" : "2018-03-06T21:35:59.000Z" ,
"pattern" : "[file:hashes.MD5 = 'edd052b476be6aab5b3e9a83461ab51b' AND file:hashes.SHA1 = 'b9a610dbbb58f6411fdbcae30dfe9b895bcf6969' AND file:hashes.SHA256 = '201bf3cd2a723d6c728d18a9e41ff038549eac8406f453c5197a1a7b45998673']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:35:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9d152d94-b595-467c-856b-1d3d6875232f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:35:57.000Z" ,
"modified" : "2018-03-06T21:35:57.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/201bf3cd2a723d6c728d18a9e41ff038549eac8406f453c5197a1a7b45998673/analysis/1520359681/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09bd-133c-4476-a80d-4bda02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "35/66" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09be-d574-4d4e-8d77-4be402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-06T18:08:01" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09be-6040-4402-b102-44e802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--01fac250-d6a8-4c3a-aa84-f6e03afeed0c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"pattern" : "[file:hashes.MD5 = '55cf79bfd02b0cf36a524e7b813b686b' AND file:hashes.SHA1 = 'aec7648baac16b12c88e93e7320cb6d18ea214b1' AND file:hashes.SHA256 = '17f1996ad7e602bd2a7e9524d7d70ee8588dac51469b08017df9aaaca09d8dd9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-06T21:36:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9837ef09-06e8-4e9b-b16f-c5cda02cb39f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-06T21:36:00.000Z" ,
"modified" : "2018-03-06T21:36:00.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/17f1996ad7e602bd2a7e9524d7d70ee8588dac51469b08017df9aaaca09d8dd9/analysis/1511951739/" ,
"category" : "External analysis" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09c0-91a0-4761-9d62-45e402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/68" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09c0-6634-4d1f-b093-40e402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-29T10:35:39" ,
"category" : "Other" ,
"comment" : "TSCookie" ,
"uuid" : "5a9f09c0-34d8-4fd0-9214-473002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--757ab3ab-408f-461d-9ebf-7bd0b4121891" ,
"created" : "2018-03-06T21:36:00.000Z" ,
"modified" : "2018-03-06T21:36:00.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4402d608-b363-4916-ba54-30959e6890fc" ,
"target_ref" : "x-misp-object--78256e1f-0a28-49e0-bfda-af70c4adead1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c0fba675-7494-49a6-8ac8-8b43b3296bdd" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--2d88ca86-0874-436c-9e4b-2604837db69a" ,
"target_ref" : "x-misp-object--797f034d-87f8-49b0-9e2a-310e7fe4c58b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5ddd5c28-b8ed-4a85-b263-e7bf1947359e" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--3f5a42ce-8371-4465-bfed-c336ae0003d9" ,
"target_ref" : "x-misp-object--32f8255d-4249-4e93-9843-e858724387ec"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--667be796-a680-47cd-86fb-96680633dac2" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9916cd8b-7200-4bc9-8f29-6c89e83c029d" ,
"target_ref" : "x-misp-object--ba5f68f7-1759-4d5f-a585-57971978154a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--109f5993-c01d-4adc-863a-6a5a7662b11e" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--621c93ce-a15f-475c-bd9c-f0a2c5392422" ,
"target_ref" : "x-misp-object--a639913d-e8d7-4320-a6a4-b2e29a828317"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7cdd3896-7504-491a-ac29-43ef53c6ee16" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--e43ff2d1-04eb-4e81-a78a-c43bdef5e095" ,
"target_ref" : "x-misp-object--2b595ed2-fe4e-4804-9dbb-2598290e9956"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b21e7fd4-c97f-4e1a-a040-bd950a2af406" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8d204442-f8c7-4b2a-9884-70a9f9f899cf" ,
"target_ref" : "x-misp-object--681a90c5-a2ba-433f-a93b-1520613dd75d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7dd2e7d8-df75-457f-8519-44ad942f1c30" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8a842ea1-d356-49dd-99b4-f47f9b575563" ,
"target_ref" : "x-misp-object--f35218de-6d10-41e4-96a8-3dbeb7b22de5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b10599b5-de7b-47f9-b78c-f61ea7822351" ,
"created" : "2018-03-06T21:36:01.000Z" ,
"modified" : "2018-03-06T21:36:01.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--25716f26-fcc8-42ae-aeae-c77a4888fbc6" ,
"target_ref" : "x-misp-object--d96b1e48-4f58-4696-9a98-49ed44cdac9f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--0082f4f4-a969-433f-9233-38f9f9265ee9" ,
"created" : "2018-03-06T21:36:02.000Z" ,
"modified" : "2018-03-06T21:36:02.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--29d1ffdf-3772-44a5-b7c8-df4d06771fa9" ,
"target_ref" : "x-misp-object--b96da205-17e7-4eb9-a984-ea2bd87809d8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--5f8bc041-3581-4e31-84d1-8fc8c23c2b40" ,
"created" : "2018-03-06T21:36:02.000Z" ,
"modified" : "2018-03-06T21:36:02.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1db6bd91-44d8-4f89-829f-8cb6b5db212a" ,
"target_ref" : "x-misp-object--f1ac3050-0bd8-4a7a-8cfa-2080afcb1f66"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--32d1aa76-2981-4448-a070-5e4bb5d747e3" ,
"created" : "2018-03-06T21:36:02.000Z" ,
"modified" : "2018-03-06T21:36:02.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a38e103b-a56d-4858-8488-8c9479a4331d" ,
"target_ref" : "x-misp-object--db938fa0-64a1-4a36-813b-aa7f8b59fd61"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--eb9809cf-6f4f-475f-9b64-2913893816d4" ,
"created" : "2018-03-06T21:36:02.000Z" ,
"modified" : "2018-03-06T21:36:02.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--77982af4-a238-4e51-a92d-a9e271694920" ,
"target_ref" : "x-misp-object--52dd0d58-fe73-465e-a936-b20e24fee56c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--504c4205-a674-4b4f-9ded-7b04a57fe31b" ,
"created" : "2018-03-06T21:36:02.000Z" ,
"modified" : "2018-03-06T21:36:02.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--33a3808e-af5d-4539-9c3b-3df320a56a3a" ,
"target_ref" : "x-misp-object--7b891a38-71ed-4ee6-b826-e3fb43321a32"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9b2109ae-cc3d-4609-8d49-cc7305ca370b" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--24c2101e-dbd2-4110-b7a0-9c7d27a6475a" ,
"target_ref" : "x-misp-object--86912550-75fc-4676-93f0-1d260ded8156"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--fc2fcc79-11c5-49db-8c82-898d5c9504dc" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--e0a2f3da-2d01-429d-a2d0-fdd5261fdd56" ,
"target_ref" : "x-misp-object--04590309-e5c6-4057-8f0b-19d0a3daae99"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1f01a3dd-6c0e-41ff-bfed-5c9d5584edb1" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--6f8ea264-b4a9-4c73-a996-75ac4ca9b418" ,
"target_ref" : "x-misp-object--19b68e1f-fc3f-4dac-8aba-1f63f27d9fef"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f01adb78-6ff2-4382-82c5-a2747a73bec7" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5e18fe15-a21c-40bd-b25f-9f5e89410a20" ,
"target_ref" : "x-misp-object--ec86284c-3541-494f-aae4-66d72ccb9f61"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8388c68a-909f-4e88-a8b3-4cfe0a76cd1e" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--4f7f4a20-8183-452b-b43d-5e56ae0703ee" ,
"target_ref" : "x-misp-object--9b33f48e-da51-4027-9ba3-828e393d71d0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--604a7624-2043-4cfe-b9fb-874290697e85" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--9c952bd8-be45-416a-8a4c-8cb1a3587b43" ,
"target_ref" : "x-misp-object--54b5178b-08da-4117-a5c0-93e27f27cd89"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9dbca8f7-b0d9-4679-8aa0-7308538f866f" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--86b54c18-f08b-4699-abd4-13467a486427" ,
"target_ref" : "x-misp-object--9d152d94-b595-467c-856b-1d3d6875232f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--8e09cee6-c923-4dc7-bc72-fa0eddb0aaf6" ,
"created" : "2018-03-06T21:36:03.000Z" ,
"modified" : "2018-03-06T21:36:03.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--01fac250-d6a8-4c3a-aa84-f6e03afeed0c" ,
"target_ref" : "x-misp-object--9837ef09-06e8-4e9b-b16f-c5cda02cb39f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}