2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5b325da8-0434-48ad-8b27-48de950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:28:06.000Z" ,
"modified" : "2018-07-03T09:28:06.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5b325da8-0434-48ad-8b27-48de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:28:06.000Z" ,
"modified" : "2018-07-03T09:28:06.000Z" ,
"name" : "OSINT - RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families" ,
"published" : "2018-07-03T09:28:49Z" ,
"object_refs" : [
"x-misp-attribute--5b325dc2-90c0-4944-9e86-4072950d210f" ,
"observed-data--5b325dd5-5a74-419b-bc1a-41d7950d210f" ,
"url--5b325dd5-5a74-419b-bc1a-41d7950d210f" ,
"indicator--5b3344db-0f88-4bec-b454-422a950d210f" ,
"indicator--5b3344dc-bedc-4624-8b60-4f7b950d210f" ,
"indicator--5b334872-9e80-4ce8-80c8-49df950d210f" ,
"observed-data--5b334b13-a7cc-48de-9517-4db9950d210f" ,
"mutex--5b334b13-a7cc-48de-9517-4db9950d210f" ,
"observed-data--5b334b5e-3568-42d1-98f3-4f63950d210f" ,
"mutex--5b334b5e-3568-42d1-98f3-4f63950d210f" ,
"indicator--5b33515d-58b4-42bd-9440-4d80950d210f" ,
"indicator--5b33515e-eef0-41af-82e3-4542950d210f" ,
"indicator--5b33515f-86a4-4d15-81eb-4878950d210f" ,
"indicator--5b33515f-a7e4-455a-83e1-41af950d210f" ,
"indicator--5b335160-6560-4bbf-b10a-47c9950d210f" ,
"indicator--5b3353b3-0db4-4cbf-a6a8-4578950d210f" ,
"indicator--5b3353b4-8968-45b6-9874-4b21950d210f" ,
"indicator--5b3353b5-a744-4a97-99f1-4219950d210f" ,
"indicator--5b3353b5-c0b8-468f-b5b7-4156950d210f" ,
"indicator--5b3353b6-6d70-4c7d-ad9e-40bc950d210f" ,
"indicator--5b3353b6-ea54-49bb-8b4d-42bf950d210f" ,
"indicator--5b3353b6-d9c4-4e9a-bfbf-41ad950d210f" ,
"indicator--5b3353b7-7b08-4e4c-9806-4b78950d210f" ,
"indicator--5b333f9d-538c-44ae-af71-405a950d210f" ,
"indicator--5b333fcb-7060-4d26-8dc5-4970950d210f" ,
"indicator--5b334422-f2f8-4b4e-8873-47b4950d210f" ,
"indicator--5b3349f9-6a74-42cd-a80f-4c15950d210f" ,
"indicator--5b335268-0f64-4354-a783-4b2d950d210f" ,
"indicator--5b335279-2d7c-47dd-a880-40af950d210f" ,
"indicator--5b3352a3-669c-429e-93c5-4079950d210f" ,
"indicator--5b3352bb-b844-43d1-ad06-4b7f950d210f" ,
"indicator--5b3352e8-2f2c-4dbd-9eff-457f950d210f" ,
"indicator--5b3352f9-5c88-4d97-b859-4b93950d210f" ,
"indicator--5b33530d-aa10-4f2b-b024-449f950d210f" ,
"indicator--5b3354cd-2058-4b73-9df3-4133950d210f" ,
"indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f" ,
"indicator--5b335b27-0e54-43fb-970a-4c73950d210f" ,
"indicator--5b335c5b-9a8c-4f72-a350-4591950d210f" ,
"indicator--5b338cf5-09c4-49a2-9488-6911950d210f" ,
"indicator--5b338d23-d4e0-4283-b2a1-6911950d210f" ,
"indicator--5b338d3d-b4a8-4b78-9ec1-6911950d210f" ,
"x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7" ,
"x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a" ,
"x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8" ,
"x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827" ,
"x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa" ,
"x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11" ,
"x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce" ,
"x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b" ,
"x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d" ,
"x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42" ,
"x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101" ,
"x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522" ,
"x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8" ,
"x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1" ,
"x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f" ,
"x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0" ,
"x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135" ,
"x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360" ,
"indicator--5b3390c0-6268-40af-9ab0-68df950d210f" ,
"indicator--5b3390d6-42fc-46d2-b142-6861950d210f" ,
"indicator--5b3390e7-57f0-4f04-879a-4bb9950d210f" ,
"indicator--5b3390f7-4030-4aa5-b421-3027950d210f" ,
"indicator--5b339125-37a4-4213-bc65-4e4c950d210f" ,
"indicator--5b33913d-8114-4770-a12b-68df950d210f" ,
"indicator--5b339151-0254-4c6c-a8a6-44fb950d210f" ,
"indicator--5b339163-3204-4054-bb53-4e3d950d210f" ,
"indicator--5b339174-eafc-4de2-873a-da6b950d210f" ,
"indicator--5b339189-bcf4-44cc-908a-6911950d210f" ,
"indicator--5b33919b-c95c-4f0b-ac98-689c950d210f" ,
"indicator--5b3391b7-53c8-4a3a-aceb-dee7950d210f" ,
"indicator--5b3391c8-0bf4-4091-bff9-da6b950d210f" ,
"x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321" ,
"x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7" ,
"x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b" ,
"x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606" ,
"x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511" ,
"x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9" ,
"x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40" ,
"x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c" ,
"x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942" ,
"x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5" ,
"x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6" ,
"x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81" ,
"x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3" ,
"x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16" ,
"x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724" ,
"x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba" ,
"x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01" ,
"x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4" ,
"x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8" ,
"x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f" ,
"x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb" ,
"x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8" ,
"x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019" ,
"x-misp-object--a833bc24-8211-4579-86d9-4f756414083c" ,
2023-12-14 14:30:15 +00:00
"relationship--d3ba6b9b-1a6a-45c6-8bb3-f48db75529a1" ,
"relationship--088843cf-50cf-467f-a73e-0b5f3f0a4931" ,
"relationship--62ca2d95-c13c-48dc-8c4f-fbccb4b1e16d" ,
"relationship--8b8d7455-bcd3-4e8e-907f-09ee26e546ef" ,
"relationship--0c89cbcf-a19f-4d3b-a413-d0660c96b513" ,
"relationship--fad1ab4e-6d7f-4dd0-b980-09f20a616a5a" ,
"relationship--d890abac-3ec5-4fd8-bafe-e85c4b037c23" ,
"relationship--86a64e8c-74fd-46d5-a5a7-f2f7c8a557e0" ,
"relationship--f18f37ae-10f6-4503-936b-7bbeb8a0799f" ,
"relationship--5802278b-f6a2-4b11-9d3e-32abc29e319e" ,
"relationship--c656a06d-c850-476c-b8fa-58537f923f13" ,
"relationship--58692890-1f9f-47a7-9788-54acc91c4ec5" ,
"relationship--16e3ee75-2f5f-4d74-ae8b-a587c58ab0f5" ,
"relationship--2eacbfff-105c-41d1-8455-bd212a625209" ,
"relationship--899272ff-522a-4f82-9866-0bb966638c9f" ,
"relationship--497d01ce-4984-4168-9bea-a8b4678e5ed6" ,
"relationship--3c65cfc2-b00d-4180-a9c6-00b526f9c237" ,
"relationship--3c639674-6c85-4238-8cb6-cf7ea70b5551" ,
"relationship--2455e4ba-3770-4b50-bf5f-9a20198733e7" ,
"relationship--01f4c19e-5d11-47c4-a07b-22f53e2018be" ,
"relationship--8577fc18-488a-48b7-8c75-803b170e7577" ,
"relationship--bb07e7ae-fb5c-401c-8967-a0ff64a4876c" ,
"relationship--9907fa29-4f6d-4df4-9014-3637b656781d"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:tool=\"KHRAT\"" ,
"misp-galaxy:rat=\"KhRAT\"" ,
"circl:incident-classification=\"malware\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:threat-actor=\"RANCOR\"" ,
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5b325dc2-90c0-4944-9e86-4072950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T10:03:40.000Z" ,
"modified" : "2018-06-27T10:03:40.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Throughout 2017 and 2018 Unit 42 has been tracking and observing a series of highly targeted attacks focused in South East Asia, building on our research into the KHRAT Trojan. Based on the evidence, these attacks appear to be conducted by the same set of attackers using previously unknown malware families. In addition, these attacks appear to be highly targeted in their distribution of the malware used, as well as the targets chosen. Based on these factors, Unit 42 believes the attackers behind these attacks are conducting their campaigns for espionage purposes.\r\n\r\nWe believe this group is previously unidentified and therefore have we have dubbed it \u00e2\u20ac\u0153RANCOR\u00e2\u20ac\u009d. The Rancor group\u00e2\u20ac\u2122s attacks use two primary malware families which we describe in depth later in this blog and are naming DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears to be new addition to these attackers\u00e2\u20ac\u2122 toolkit. Countries Unit 42 has identified as targeted by Rancor with these malware families include, but are not limited to:\r\n\r\n Singapore\r\n Cambodia\r\n\r\nWe identified decoy files which indicate these attacks began with spear phishing messages but have not observed the actual messages. These decoys contain details from public news articles focused primarily on political news and events. Based on this, we believe the Rancor attackers were targeting political entities. Additionally, these decoy documents are hosted on legitimate websites including a government website belonging to the Cambodia Government and in at least once case, Facebook.\r\n\r\nThe malware and infrastructure used in these attacks falls into two distinct clusters, which we are labeling A and B, that are linked through their use of the PLAINTEE malware and several \u00e2\u20ac\u0153softer\u00e2\u20ac\u009d linkages."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b325dd5-5a74-419b-bc1a-41d7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T10:03:51.000Z" ,
"modified" : "2018-06-27T10:03:51.000Z" ,
"first_observed" : "2018-06-27T10:03:51Z" ,
"last_observed" : "2018-06-27T10:03:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5b325dd5-5a74-419b-bc1a-41d7950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5b325dd5-5a74-419b-bc1a-41d7950d210f" ,
"value" : "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3344db-0f88-4bec-b454-422a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:03:39.000Z" ,
"modified" : "2018-06-27T08:03:39.000Z" ,
"description" : "Loader" ,
"pattern" : "[domain-name:value = 'www.facebook-apps.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T08:03:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3344dc-bedc-4624-8b60-4f7b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:03:40.000Z" ,
"modified" : "2018-06-27T08:03:40.000Z" ,
"description" : "Loader" ,
"pattern" : "[domain-name:value = 'dlj40s.jdanief.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T08:03:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b334872-9e80-4ce8-80c8-49df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:18:58.000Z" ,
"modified" : "2018-06-27T08:18:58.000Z" ,
"description" : "Loader" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.46.222.97']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T08:18:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b334b13-a7cc-48de-9517-4db9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:30:11.000Z" ,
"modified" : "2018-06-27T08:30:11.000Z" ,
"first_observed" : "2018-06-27T08:30:11Z" ,
"last_observed" : "2018-06-27T08:30:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"mutex--5b334b13-a7cc-48de-9517-4db9950d210f"
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "mutex" ,
"spec_version" : "2.1" ,
"id" : "mutex--5b334b13-a7cc-48de-9517-4db9950d210f" ,
"name" : "microsoftfuckedupb"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5b334b5e-3568-42d1-98f3-4f63950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:31:26.000Z" ,
"modified" : "2018-06-27T08:31:26.000Z" ,
"first_observed" : "2018-06-27T08:31:26Z" ,
"last_observed" : "2018-06-27T08:31:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"mutex--5b334b5e-3568-42d1-98f3-4f63950d210f"
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\""
]
} ,
{
"type" : "mutex" ,
"spec_version" : "2.1" ,
"id" : "mutex--5b334b5e-3568-42d1-98f3-4f63950d210f" ,
"name" : "Microsoftfuckedup"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33515d-58b4-42bd-9440-4d80950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:57:01.000Z" ,
"modified" : "2018-06-27T08:57:01.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.247.6.253']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T08:57:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33515e-eef0-41af-82e3-4542950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:57:02.000Z" ,
"modified" : "2018-06-27T08:57:02.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.176.236']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T08:57:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33515f-86a4-4d15-81eb-4878950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:08:00.000Z" ,
"modified" : "2018-06-27T09:08:00.000Z" ,
"description" : "PLAINTEE - DDKONG" ,
"pattern" : "[domain-name:value = 'goole.authorizeddns.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:08:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33515f-a7e4-455a-83e1-41af950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:08:20.000Z" ,
"modified" : "2018-06-27T09:08:20.000Z" ,
"description" : "PLAINTEE - DDKONG" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.189.74']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:08:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b335160-6560-4bbf-b10a-47c9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T08:57:04.000Z" ,
"modified" : "2018-06-27T08:57:04.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.153.48.146']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T08:57:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b3-0db4-4cbf-a6a8-4578950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:07:48.000Z" ,
"modified" : "2018-06-27T09:07:48.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[domain-name:value = 'microsoft.authorizeddns.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:07:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b4-8968-45b6-9874-4b21950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:08:03.000Z" ,
"modified" : "2018-06-27T09:08:03.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:name = 'www.google_ssl.onmypc.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:08:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b5-a744-4a97-99f1-4219950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:07:26.000Z" ,
"modified" : "2018-06-27T09:07:26.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[domain-name:value = 'ftp.chinhphu.ddns.ms']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:07:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b5-c0b8-468f-b5b7-4156950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:07:52.000Z" ,
"modified" : "2018-06-27T09:07:52.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[domain-name:value = 'www.microsoft.https443.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:07:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b6-6d70-4c7d-ad9e-40bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:07:44.000Z" ,
"modified" : "2018-06-27T09:07:44.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[domain-name:value = 'msdns.otzo.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:07:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b6-ea54-49bb-8b4d-42bf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:08:35.000Z" ,
"modified" : "2018-06-27T09:08:35.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.191.177']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:08:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b6-d9c4-4e9a-bfbf-41ad950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:08:28.000Z" ,
"modified" : "2018-06-27T09:08:28.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.191.75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:08:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3353b7-7b08-4e4c-9806-4b78950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:08:32.000Z" ,
"modified" : "2018-06-27T09:08:32.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.121.146.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:08:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b333f9d-538c-44ae-af71-405a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T07:41:17.000Z" ,
"modified" : "2018-06-27T07:41:17.000Z" ,
"description" : "PLAINTEE older variant" ,
"pattern" : "[file:hashes.SHA256 = 'bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T07:41:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b333fcb-7060-4d26-8dc5-4970950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T07:42:03.000Z" ,
"modified" : "2018-06-27T07:42:03.000Z" ,
"description" : "PLAINTEE older variant" ,
"pattern" : "[file:hashes.SHA256 = '6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T07:42:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b334422-f2f8-4b4e-8873-47b4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:29:00.000Z" ,
"modified" : "2018-06-27T09:29:00.000Z" ,
"description" : "Loader - Delivery via HTA Loader" ,
"pattern" : "[file:hashes.SHA256 = '1dc5966572e94afc2fbcf8e93e3382eef4e4d7b5bc02f24069c403a28fa6a458' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:29:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3349f9-6a74-42cd-a80f-4c15950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:18:15.000Z" ,
"modified" : "2018-06-27T09:18:15.000Z" ,
"description" : "Loader - Delivery via document property macro" ,
"pattern" : "[file:hashes.SHA256 = 'a789a282e0d65a050cccae66c56632245af1c8a589ace2ca5ca79572289fd483' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:18:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b335268-0f64-4354-a783-4b2d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:01:28.000Z" ,
"modified" : "2018-06-27T09:01:28.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[file:hashes.SHA256 = '863a9199decf36895d5d7d148ce9fd622e825f393d7ebe7591b4d37ef3f5f677' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:01:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b335279-2d7c-47dd-a880-40af950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:01:45.000Z" ,
"modified" : "2018-06-27T09:01:45.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[file:hashes.SHA256 = '22a5bd54f15f33f4218454e53679d7cfae32c03ddb6ec186fb5e6f8b7f7c098b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:01:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3352a3-669c-429e-93c5-4079950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T10:00:49.000Z" ,
"modified" : "2018-06-27T10:00:49.000Z" ,
"description" : "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = 'd5679158937ce288837efe62bc1d9693' AND file:hashes.SHA1 = '0bdb44255e9472d80ee0197d0bfad7d8eb4a18e9' AND file:hashes.SHA256 = 'c35609822e6239934606a99cb3dbc925f4768f0b0654d6a2adc35eca473c505d' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T10:00:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3352bb-b844-43d1-ad06-4b7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:02:51.000Z" ,
"modified" : "2018-06-27T09:02:51.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[file:hashes.SHA256 = '6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:02:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3352e8-2f2c-4dbd-9eff-457f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T10:01:35.000Z" ,
"modified" : "2018-06-27T10:01:35.000Z" ,
"description" : "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '7c65565dcf5b40bd8358472d032bc8fb' AND file:hashes.SHA1 = 'ac3f20ddc2567af0b050c672ecd59dddab1fe55e' AND file:hashes.SHA256 = 'b099c31515947f0e86eed0c26c76805b13ca2d47ecbdb61fd07917732e38ae78' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T10:01:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3352f9-5c88-4d97-b859-4b93950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:03:53.000Z" ,
"modified" : "2018-06-27T09:03:53.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[file:hashes.SHA256 = 'bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:03:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33530d-aa10-4f2b-b024-449f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:04:13.000Z" ,
"modified" : "2018-06-27T09:04:13.000Z" ,
"description" : "PLAINTEE" ,
"pattern" : "[file:hashes.SHA256 = '9f779d920443d50ef48d4abfa40b43f5cb2c4eb769205b973b115e04f3b978f5' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:04:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3354cd-2058-4b73-9df3-4133950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:37:33.000Z" ,
"modified" : "2018-06-27T09:37:33.000Z" ,
"description" : "Loader - Delivery via DLL Loader" ,
"pattern" : "[file:hashes.SHA256 = '0bb20a9570a9b1e3a72203951268ffe83af6dcae7342a790fe195a2ef109d855' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:37:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:12:29.000Z" ,
"modified" : "2018-06-27T09:12:29.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'facebook-apps.com' AND domain-name:resolves_to_refs[*].value = '89.46.222.97']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:12:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "network"
}
] ,
"labels" : [
"misp:name=\"domain-ip\"" ,
"misp:meta-category=\"network\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b335b27-0e54-43fb-970a-4c73950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:38:47.000Z" ,
"modified" : "2018-06-27T09:38:47.000Z" ,
"description" : "DDKONg - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = '6fa5bcedaf124cdaccfa5548eed7f4b0' AND file:hashes.SHA1 = '25ba920cb440b4a1c127c8eb0fb23ee783c9e01a' AND file:hashes.SHA256 = '119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:38:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b335c5b-9a8c-4f72-a350-4591950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T09:43:55.000Z" ,
"modified" : "2018-06-27T09:43:55.000Z" ,
"description" : "Plugin downloaded during runtime for DDKong sample.DDKong sample - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows" ,
"pattern" : "[file:hashes.MD5 = 'a5164c686c405734b7362bc6b02488cb' AND file:hashes.SHA1 = '03defdda9397e7536cf39951246483a0339ccd35' AND file:hashes.SHA256 = '0517b62233c9574cb24b78fb533f6e92d35bc6451770f9f6001487ff9c154ad7' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T09:43:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b338cf5-09c4-49a2-9488-6911950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:11:17.000Z" ,
"modified" : "2018-06-27T13:11:17.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = 'c78fef9ef931ffc559ea416d45dc6f43574f524ba073713fddb79e4f8ec1a319' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:11:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b338d23-d4e0-4283-b2a1-6911950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:12:03.000Z" ,
"modified" : "2018-06-27T13:12:03.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '0f102e66bc2df4d14dc493ba8b93a88f6b622c168e0c2b63d0ceb7589910999d' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:12:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b338d3d-b4a8-4b78-9ec1-6911950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:12:29.000Z" ,
"modified" : "2018-06-27T13:12:29.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '82e1e296403be99129aced295e1c12fbb23f871c6fa2acafab9e08d9a728cb96' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:12:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:46.000Z" ,
"modified" : "2018-07-03T09:11:46.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:02.000Z" ,
"modified" : "2018-06-27T13:18:02.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:46.000Z" ,
"modified" : "2018-07-03T09:11:46.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:07.000Z" ,
"modified" : "2018-06-27T13:18:07.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:46.000Z" ,
"modified" : "2018-07-03T09:11:46.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:11.000Z" ,
"modified" : "2018-06-27T13:18:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:46.000Z" ,
"modified" : "2018-07-03T09:11:46.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:14.000Z" ,
"modified" : "2018-06-27T13:18:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:47.000Z" ,
"modified" : "2018-07-03T09:11:47.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:17.000Z" ,
"modified" : "2018-06-27T13:18:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:47.000Z" ,
"modified" : "2018-07-03T09:11:47.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:21.000Z" ,
"modified" : "2018-06-27T13:18:21.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:47.000Z" ,
"modified" : "2018-07-03T09:11:47.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:30.000Z" ,
"modified" : "2018-06-27T13:18:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:47.000Z" ,
"modified" : "2018-07-03T09:11:47.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:36.000Z" ,
"modified" : "2018-06-27T13:18:36.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:47.000Z" ,
"modified" : "2018-07-03T09:11:47.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:18:39.000Z" ,
"modified" : "2018-06-27T13:18:39.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3390c0-6268-40af-9ab0-68df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:27:28.000Z" ,
"modified" : "2018-06-27T13:27:28.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '84607a2abfd64d61299b0313337e85dd371642e9654b12288c8a1fc7c8c1cf0a' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:27:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3390d6-42fc-46d2-b142-6861950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:27:50.000Z" ,
"modified" : "2018-06-27T13:27:50.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = 'a725abb8fe76939f0e0532978eacd7d4afb4459bb6797ec32a7a9f670778bd7e' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:27:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3390e7-57f0-4f04-879a-4bb9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:28:07.000Z" ,
"modified" : "2018-06-27T13:28:07.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '15f4c0a589dff62200fd7c885f1e7aa8863b8efa91e23c020de271061f4918eb' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:28:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3390f7-4030-4aa5-b421-3027950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:28:23.000Z" ,
"modified" : "2018-06-27T13:28:23.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '9996e108ade2ef3911d5d38e9f3c1deb0300aa0a82d33e36d376c6927e3ee5af' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:28:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b339125-37a4-4213-bc65-4e4c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:29:09.000Z" ,
"modified" : "2018-06-27T13:29:09.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '18e102201409237547ab2754daa212cc1454f32c993b6e10a0297b0e6a980823' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:29:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33913d-8114-4770-a12b-68df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:29:33.000Z" ,
"modified" : "2018-06-27T13:29:33.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = 'b8528c8e325db76b139d46e9f29835382a1b48d8941c47060076f367539c2559' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:29:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b339151-0254-4c6c-a8a6-44fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:29:53.000Z" ,
"modified" : "2018-06-27T13:29:53.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '01315e211bac543195f2c703033ba31b229001f844854b147c4b2a0973a7d17b' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:29:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b339163-3204-4054-bb53-4e3d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:30:11.000Z" ,
"modified" : "2018-06-27T13:30:11.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = 'df14de6b43f902ac8c35ecf0582ddb33e12e682700eb55dc4706b73f5aed40f6' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:30:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b339174-eafc-4de2-873a-da6b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:30:28.000Z" ,
"modified" : "2018-06-27T13:30:28.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '177906cb9170adc26082e44d9ad1b3fbdcba7c0b57e28b614c1b66cc4a99f906' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:30:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b339189-bcf4-44cc-908a-6911950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:30:49.000Z" ,
"modified" : "2018-06-27T13:30:49.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '113ae6f4d6a2963d5c9a7f42f782b176da096d17296f5a546433f7f27f260895' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:30:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b33919b-c95c-4f0b-ac98-689c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:31:07.000Z" ,
"modified" : "2018-06-27T13:31:07.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:31:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3391b7-53c8-4a3a-aceb-dee7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:31:35.000Z" ,
"modified" : "2018-06-27T13:31:35.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '5afbee76af2a09c173cf782fd5e51b5076b87f19b709577ddae1c8e5455fc642' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:31:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5b3391c8-0bf4-4091-bff9-da6b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-06-27T13:31:52.000Z" ,
"modified" : "2018-06-27T13:31:52.000Z" ,
"description" : "DDKONG" ,
"pattern" : "[file:hashes.SHA256 = '128adaba3e6251d1af305a85ebfaafb2a8028eed3b9b031c54176ca7cef539d2' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-06-27T13:31:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:47.000Z" ,
"modified" : "2018-07-03T09:11:47.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:45.000Z" ,
"modified" : "2018-07-03T09:11:45.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:54.000Z" ,
"modified" : "2018-07-03T09:11:54.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:53.000Z" ,
"modified" : "2018-07-03T09:11:53.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:57.000Z" ,
"modified" : "2018-07-03T09:11:57.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:55.000Z" ,
"modified" : "2018-07-03T09:11:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:00.000Z" ,
"modified" : "2018-07-03T09:12:00.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:11:58.000Z" ,
"modified" : "2018-07-03T09:11:58.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:03.000Z" ,
"modified" : "2018-07-03T09:12:03.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:01.000Z" ,
"modified" : "2018-07-03T09:12:01.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:06.000Z" ,
"modified" : "2018-07-03T09:12:06.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:05.000Z" ,
"modified" : "2018-07-03T09:12:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:10.000Z" ,
"modified" : "2018-07-03T09:12:10.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:08.000Z" ,
"modified" : "2018-07-03T09:12:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:12.000Z" ,
"modified" : "2018-07-03T09:12:12.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:10.000Z" ,
"modified" : "2018-07-03T09:12:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:15.000Z" ,
"modified" : "2018-07-03T09:12:15.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:13.000Z" ,
"modified" : "2018-07-03T09:12:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:17.000Z" ,
"modified" : "2018-07-03T09:12:17.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:15.000Z" ,
"modified" : "2018-07-03T09:12:15.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:19.000Z" ,
"modified" : "2018-07-03T09:12:19.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:18.000Z" ,
"modified" : "2018-07-03T09:12:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:22.000Z" ,
"modified" : "2018-07-03T09:12:22.000Z" ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\""
] ,
"x_misp_meta_category" : "file" ,
"x_misp_name" : "file"
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-07-03T09:12:20.000Z" ,
"modified" : "2018-07-03T09:12:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--d3ba6b9b-1a6a-45c6-8bb3-f48db75529a1" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T09:17:36.000Z" ,
"modified" : "2018-06-27T09:17:36.000Z" ,
"relationship_type" : "connected-to" ,
"source_ref" : "indicator--5b3352a3-669c-429e-93c5-4079950d210f" ,
"target_ref" : "indicator--5b334872-9e80-4ce8-80c8-49df950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--088843cf-50cf-467f-a73e-0b5f3f0a4931" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T09:12:49.000Z" ,
"modified" : "2018-06-27T09:12:49.000Z" ,
"relationship_type" : "connected-to" ,
"source_ref" : "indicator--5b3354cd-2058-4b73-9df3-4133950d210f" ,
"target_ref" : "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--62ca2d95-c13c-48dc-8c4f-fbccb4b1e16d" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:42.000Z" ,
"modified" : "2018-06-27T13:18:42.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7" ,
"target_ref" : "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--8b8d7455-bcd3-4e8e-907f-09ee26e546ef" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8" ,
"target_ref" : "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--0c89cbcf-a19f-4d3b-a413-d0660c96b513" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa" ,
"target_ref" : "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--fad1ab4e-6d7f-4dd0-b980-09f20a616a5a" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce" ,
"target_ref" : "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--d890abac-3ec5-4fd8-bafe-e85c4b037c23" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d" ,
"target_ref" : "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--86a64e8c-74fd-46d5-a5a7-f2f7c8a557e0" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101" ,
"target_ref" : "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--f18f37ae-10f6-4503-936b-7bbeb8a0799f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8" ,
"target_ref" : "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--5802278b-f6a2-4b11-9d3e-32abc29e319e" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f" ,
"target_ref" : "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--c656a06d-c850-476c-b8fa-58537f923f13" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-06-27T13:18:43.000Z" ,
"modified" : "2018-06-27T13:18:43.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135" ,
"target_ref" : "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--58692890-1f9f-47a7-9788-54acc91c4ec5" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:23.000Z" ,
"modified" : "2018-07-03T09:12:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321" ,
"target_ref" : "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--16e3ee75-2f5f-4d74-ae8b-a587c58ab0f5" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:23.000Z" ,
"modified" : "2018-07-03T09:12:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b" ,
"target_ref" : "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--2eacbfff-105c-41d1-8455-bd212a625209" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:23.000Z" ,
"modified" : "2018-07-03T09:12:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511" ,
"target_ref" : "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--899272ff-522a-4f82-9866-0bb966638c9f" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:23.000Z" ,
"modified" : "2018-07-03T09:12:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40" ,
"target_ref" : "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--497d01ce-4984-4168-9bea-a8b4678e5ed6" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:23.000Z" ,
"modified" : "2018-07-03T09:12:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942" ,
"target_ref" : "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--3c65cfc2-b00d-4180-a9c6-00b526f9c237" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:23.000Z" ,
"modified" : "2018-07-03T09:12:23.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6" ,
"target_ref" : "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--3c639674-6c85-4238-8cb6-cf7ea70b5551" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:24.000Z" ,
"modified" : "2018-07-03T09:12:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3" ,
"target_ref" : "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--2455e4ba-3770-4b50-bf5f-9a20198733e7" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:24.000Z" ,
"modified" : "2018-07-03T09:12:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724" ,
"target_ref" : "x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--01f4c19e-5d11-47c4-a07b-22f53e2018be" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:24.000Z" ,
"modified" : "2018-07-03T09:12:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01" ,
"target_ref" : "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--8577fc18-488a-48b7-8c75-803b170e7577" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:24.000Z" ,
"modified" : "2018-07-03T09:12:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8" ,
"target_ref" : "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--bb07e7ae-fb5c-401c-8967-a0ff64a4876c" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:24.000Z" ,
"modified" : "2018-07-03T09:12:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb" ,
"target_ref" : "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--9907fa29-4f6d-4df4-9014-3637b656781d" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-07-03T09:12:24.000Z" ,
"modified" : "2018-07-03T09:12:24.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019" ,
"target_ref" : "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}