misp-circl-feed/feeds/circl/stix-2.1/5b325da8-0434-48ad-8b27-48de950d210f.json

2205 lines
95 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5b325da8-0434-48ad-8b27-48de950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:28:06.000Z",
"modified": "2018-07-03T09:28:06.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b325da8-0434-48ad-8b27-48de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:28:06.000Z",
"modified": "2018-07-03T09:28:06.000Z",
"name": "OSINT - RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families",
"published": "2018-07-03T09:28:49Z",
"object_refs": [
"x-misp-attribute--5b325dc2-90c0-4944-9e86-4072950d210f",
"observed-data--5b325dd5-5a74-419b-bc1a-41d7950d210f",
"url--5b325dd5-5a74-419b-bc1a-41d7950d210f",
"indicator--5b3344db-0f88-4bec-b454-422a950d210f",
"indicator--5b3344dc-bedc-4624-8b60-4f7b950d210f",
"indicator--5b334872-9e80-4ce8-80c8-49df950d210f",
"observed-data--5b334b13-a7cc-48de-9517-4db9950d210f",
"mutex--5b334b13-a7cc-48de-9517-4db9950d210f",
"observed-data--5b334b5e-3568-42d1-98f3-4f63950d210f",
"mutex--5b334b5e-3568-42d1-98f3-4f63950d210f",
"indicator--5b33515d-58b4-42bd-9440-4d80950d210f",
"indicator--5b33515e-eef0-41af-82e3-4542950d210f",
"indicator--5b33515f-86a4-4d15-81eb-4878950d210f",
"indicator--5b33515f-a7e4-455a-83e1-41af950d210f",
"indicator--5b335160-6560-4bbf-b10a-47c9950d210f",
"indicator--5b3353b3-0db4-4cbf-a6a8-4578950d210f",
"indicator--5b3353b4-8968-45b6-9874-4b21950d210f",
"indicator--5b3353b5-a744-4a97-99f1-4219950d210f",
"indicator--5b3353b5-c0b8-468f-b5b7-4156950d210f",
"indicator--5b3353b6-6d70-4c7d-ad9e-40bc950d210f",
"indicator--5b3353b6-ea54-49bb-8b4d-42bf950d210f",
"indicator--5b3353b6-d9c4-4e9a-bfbf-41ad950d210f",
"indicator--5b3353b7-7b08-4e4c-9806-4b78950d210f",
"indicator--5b333f9d-538c-44ae-af71-405a950d210f",
"indicator--5b333fcb-7060-4d26-8dc5-4970950d210f",
"indicator--5b334422-f2f8-4b4e-8873-47b4950d210f",
"indicator--5b3349f9-6a74-42cd-a80f-4c15950d210f",
"indicator--5b335268-0f64-4354-a783-4b2d950d210f",
"indicator--5b335279-2d7c-47dd-a880-40af950d210f",
"indicator--5b3352a3-669c-429e-93c5-4079950d210f",
"indicator--5b3352bb-b844-43d1-ad06-4b7f950d210f",
"indicator--5b3352e8-2f2c-4dbd-9eff-457f950d210f",
"indicator--5b3352f9-5c88-4d97-b859-4b93950d210f",
"indicator--5b33530d-aa10-4f2b-b024-449f950d210f",
"indicator--5b3354cd-2058-4b73-9df3-4133950d210f",
"indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f",
"indicator--5b335b27-0e54-43fb-970a-4c73950d210f",
"indicator--5b335c5b-9a8c-4f72-a350-4591950d210f",
"indicator--5b338cf5-09c4-49a2-9488-6911950d210f",
"indicator--5b338d23-d4e0-4283-b2a1-6911950d210f",
"indicator--5b338d3d-b4a8-4b78-9ec1-6911950d210f",
"x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7",
"x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a",
"x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8",
"x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827",
"x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa",
"x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11",
"x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce",
"x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b",
"x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d",
"x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42",
"x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101",
"x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522",
"x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8",
"x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1",
"x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f",
"x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0",
"x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135",
"x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360",
"indicator--5b3390c0-6268-40af-9ab0-68df950d210f",
"indicator--5b3390d6-42fc-46d2-b142-6861950d210f",
"indicator--5b3390e7-57f0-4f04-879a-4bb9950d210f",
"indicator--5b3390f7-4030-4aa5-b421-3027950d210f",
"indicator--5b339125-37a4-4213-bc65-4e4c950d210f",
"indicator--5b33913d-8114-4770-a12b-68df950d210f",
"indicator--5b339151-0254-4c6c-a8a6-44fb950d210f",
"indicator--5b339163-3204-4054-bb53-4e3d950d210f",
"indicator--5b339174-eafc-4de2-873a-da6b950d210f",
"indicator--5b339189-bcf4-44cc-908a-6911950d210f",
"indicator--5b33919b-c95c-4f0b-ac98-689c950d210f",
"indicator--5b3391b7-53c8-4a3a-aceb-dee7950d210f",
"indicator--5b3391c8-0bf4-4091-bff9-da6b950d210f",
"x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321",
"x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7",
"x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b",
"x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606",
"x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511",
"x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9",
"x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40",
"x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c",
"x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942",
"x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5",
"x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6",
"x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81",
"x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3",
"x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16",
"x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724",
"x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba",
"x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01",
"x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4",
"x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8",
"x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f",
"x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb",
"x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8",
"x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019",
"x-misp-object--a833bc24-8211-4579-86d9-4f756414083c",
2023-12-14 14:30:15 +00:00
"relationship--d3ba6b9b-1a6a-45c6-8bb3-f48db75529a1",
"relationship--088843cf-50cf-467f-a73e-0b5f3f0a4931",
"relationship--62ca2d95-c13c-48dc-8c4f-fbccb4b1e16d",
"relationship--8b8d7455-bcd3-4e8e-907f-09ee26e546ef",
"relationship--0c89cbcf-a19f-4d3b-a413-d0660c96b513",
"relationship--fad1ab4e-6d7f-4dd0-b980-09f20a616a5a",
"relationship--d890abac-3ec5-4fd8-bafe-e85c4b037c23",
"relationship--86a64e8c-74fd-46d5-a5a7-f2f7c8a557e0",
"relationship--f18f37ae-10f6-4503-936b-7bbeb8a0799f",
"relationship--5802278b-f6a2-4b11-9d3e-32abc29e319e",
"relationship--c656a06d-c850-476c-b8fa-58537f923f13",
"relationship--58692890-1f9f-47a7-9788-54acc91c4ec5",
"relationship--16e3ee75-2f5f-4d74-ae8b-a587c58ab0f5",
"relationship--2eacbfff-105c-41d1-8455-bd212a625209",
"relationship--899272ff-522a-4f82-9866-0bb966638c9f",
"relationship--497d01ce-4984-4168-9bea-a8b4678e5ed6",
"relationship--3c65cfc2-b00d-4180-a9c6-00b526f9c237",
"relationship--3c639674-6c85-4238-8cb6-cf7ea70b5551",
"relationship--2455e4ba-3770-4b50-bf5f-9a20198733e7",
"relationship--01f4c19e-5d11-47c4-a07b-22f53e2018be",
"relationship--8577fc18-488a-48b7-8c75-803b170e7577",
"relationship--bb07e7ae-fb5c-401c-8967-a0ff64a4876c",
"relationship--9907fa29-4f6d-4df4-9014-3637b656781d"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"KHRAT\"",
"misp-galaxy:rat=\"KhRAT\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:threat-actor=\"RANCOR\"",
"misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b325dc2-90c0-4944-9e86-4072950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T10:03:40.000Z",
"modified": "2018-06-27T10:03:40.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Throughout 2017 and 2018 Unit 42 has been tracking and observing a series of highly targeted attacks focused in South East Asia, building on our research into the KHRAT Trojan. Based on the evidence, these attacks appear to be conducted by the same set of attackers using previously unknown malware families. In addition, these attacks appear to be highly targeted in their distribution of the malware used, as well as the targets chosen. Based on these factors, Unit 42 believes the attackers behind these attacks are conducting their campaigns for espionage purposes.\r\n\r\nWe believe this group is previously unidentified and therefore have we have dubbed it \u00e2\u20ac\u0153RANCOR\u00e2\u20ac\u009d. The Rancor group\u00e2\u20ac\u2122s attacks use two primary malware families which we describe in depth later in this blog and are naming DDKONG and PLAINTEE. DDKONG is used throughout the campaign and PLAINTEE appears to be new addition to these attackers\u00e2\u20ac\u2122 toolkit. Countries Unit 42 has identified as targeted by Rancor with these malware families include, but are not limited to:\r\n\r\n Singapore\r\n Cambodia\r\n\r\nWe identified decoy files which indicate these attacks began with spear phishing messages but have not observed the actual messages. These decoys contain details from public news articles focused primarily on political news and events. Based on this, we believe the Rancor attackers were targeting political entities. Additionally, these decoy documents are hosted on legitimate websites including a government website belonging to the Cambodia Government and in at least once case, Facebook.\r\n\r\nThe malware and infrastructure used in these attacks falls into two distinct clusters, which we are labeling A and B, that are linked through their use of the PLAINTEE malware and several \u00e2\u20ac\u0153softer\u00e2\u20ac\u009d linkages."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b325dd5-5a74-419b-bc1a-41d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T10:03:51.000Z",
"modified": "2018-06-27T10:03:51.000Z",
"first_observed": "2018-06-27T10:03:51Z",
"last_observed": "2018-06-27T10:03:51Z",
"number_observed": 1,
"object_refs": [
"url--5b325dd5-5a74-419b-bc1a-41d7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b325dd5-5a74-419b-bc1a-41d7950d210f",
"value": "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3344db-0f88-4bec-b454-422a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:03:39.000Z",
"modified": "2018-06-27T08:03:39.000Z",
"description": "Loader",
"pattern": "[domain-name:value = 'www.facebook-apps.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T08:03:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3344dc-bedc-4624-8b60-4f7b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:03:40.000Z",
"modified": "2018-06-27T08:03:40.000Z",
"description": "Loader",
"pattern": "[domain-name:value = 'dlj40s.jdanief.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T08:03:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b334872-9e80-4ce8-80c8-49df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:18:58.000Z",
"modified": "2018-06-27T08:18:58.000Z",
"description": "Loader",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.46.222.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T08:18:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b334b13-a7cc-48de-9517-4db9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:30:11.000Z",
"modified": "2018-06-27T08:30:11.000Z",
"first_observed": "2018-06-27T08:30:11Z",
"last_observed": "2018-06-27T08:30:11Z",
"number_observed": 1,
"object_refs": [
"mutex--5b334b13-a7cc-48de-9517-4db9950d210f"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b334b13-a7cc-48de-9517-4db9950d210f",
"name": "microsoftfuckedupb"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b334b5e-3568-42d1-98f3-4f63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:31:26.000Z",
"modified": "2018-06-27T08:31:26.000Z",
"first_observed": "2018-06-27T08:31:26Z",
"last_observed": "2018-06-27T08:31:26Z",
"number_observed": 1,
"object_refs": [
"mutex--5b334b5e-3568-42d1-98f3-4f63950d210f"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--5b334b5e-3568-42d1-98f3-4f63950d210f",
"name": "Microsoftfuckedup"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33515d-58b4-42bd-9440-4d80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:57:01.000Z",
"modified": "2018-06-27T08:57:01.000Z",
"description": "PLAINTEE",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.247.6.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T08:57:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33515e-eef0-41af-82e3-4542950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:57:02.000Z",
"modified": "2018-06-27T08:57:02.000Z",
"description": "PLAINTEE",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.176.236']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T08:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33515f-86a4-4d15-81eb-4878950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:08:00.000Z",
"modified": "2018-06-27T09:08:00.000Z",
"description": "PLAINTEE - DDKONG",
"pattern": "[domain-name:value = 'goole.authorizeddns.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:08:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33515f-a7e4-455a-83e1-41af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:08:20.000Z",
"modified": "2018-06-27T09:08:20.000Z",
"description": "PLAINTEE - DDKONG",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.189.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:08:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b335160-6560-4bbf-b10a-47c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T08:57:04.000Z",
"modified": "2018-06-27T08:57:04.000Z",
"description": "PLAINTEE",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.153.48.146']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T08:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b3-0db4-4cbf-a6a8-4578950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:07:48.000Z",
"modified": "2018-06-27T09:07:48.000Z",
"description": "DDKONG",
"pattern": "[domain-name:value = 'microsoft.authorizeddns.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:07:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b4-8968-45b6-9874-4b21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:08:03.000Z",
"modified": "2018-06-27T09:08:03.000Z",
"description": "DDKONG",
"pattern": "[file:name = 'www.google_ssl.onmypc.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:08:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b5-a744-4a97-99f1-4219950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:07:26.000Z",
"modified": "2018-06-27T09:07:26.000Z",
"description": "DDKONG",
"pattern": "[domain-name:value = 'ftp.chinhphu.ddns.ms']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:07:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b5-c0b8-468f-b5b7-4156950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:07:52.000Z",
"modified": "2018-06-27T09:07:52.000Z",
"description": "DDKONG",
"pattern": "[domain-name:value = 'www.microsoft.https443.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:07:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b6-6d70-4c7d-ad9e-40bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:07:44.000Z",
"modified": "2018-06-27T09:07:44.000Z",
"description": "DDKONG",
"pattern": "[domain-name:value = 'msdns.otzo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:07:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b6-ea54-49bb-8b4d-42bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:08:35.000Z",
"modified": "2018-06-27T09:08:35.000Z",
"description": "DDKONG",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.191.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:08:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b6-d9c4-4e9a-bfbf-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:08:28.000Z",
"modified": "2018-06-27T09:08:28.000Z",
"description": "DDKONG",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.75.191.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:08:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3353b7-7b08-4e4c-9806-4b78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:08:32.000Z",
"modified": "2018-06-27T09:08:32.000Z",
"description": "DDKONG",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.121.146.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:08:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b333f9d-538c-44ae-af71-405a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T07:41:17.000Z",
"modified": "2018-06-27T07:41:17.000Z",
"description": "PLAINTEE older variant",
"pattern": "[file:hashes.SHA256 = 'bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T07:41:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b333fcb-7060-4d26-8dc5-4970950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T07:42:03.000Z",
"modified": "2018-06-27T07:42:03.000Z",
"description": "PLAINTEE older variant",
"pattern": "[file:hashes.SHA256 = '6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T07:42:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b334422-f2f8-4b4e-8873-47b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:29:00.000Z",
"modified": "2018-06-27T09:29:00.000Z",
"description": "Loader - Delivery via HTA Loader",
"pattern": "[file:hashes.SHA256 = '1dc5966572e94afc2fbcf8e93e3382eef4e4d7b5bc02f24069c403a28fa6a458' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:29:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3349f9-6a74-42cd-a80f-4c15950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:18:15.000Z",
"modified": "2018-06-27T09:18:15.000Z",
"description": "Loader - Delivery via document property macro",
"pattern": "[file:hashes.SHA256 = 'a789a282e0d65a050cccae66c56632245af1c8a589ace2ca5ca79572289fd483' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:18:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b335268-0f64-4354-a783-4b2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:01:28.000Z",
"modified": "2018-06-27T09:01:28.000Z",
"description": "PLAINTEE",
"pattern": "[file:hashes.SHA256 = '863a9199decf36895d5d7d148ce9fd622e825f393d7ebe7591b4d37ef3f5f677' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b335279-2d7c-47dd-a880-40af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:01:45.000Z",
"modified": "2018-06-27T09:01:45.000Z",
"description": "PLAINTEE",
"pattern": "[file:hashes.SHA256 = '22a5bd54f15f33f4218454e53679d7cfae32c03ddb6ec186fb5e6f8b7f7c098b' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3352a3-669c-429e-93c5-4079950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T10:00:49.000Z",
"modified": "2018-06-27T10:00:49.000Z",
"description": "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = 'd5679158937ce288837efe62bc1d9693' AND file:hashes.SHA1 = '0bdb44255e9472d80ee0197d0bfad7d8eb4a18e9' AND file:hashes.SHA256 = 'c35609822e6239934606a99cb3dbc925f4768f0b0654d6a2adc35eca473c505d' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T10:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3352bb-b844-43d1-ad06-4b7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:02:51.000Z",
"modified": "2018-06-27T09:02:51.000Z",
"description": "PLAINTEE",
"pattern": "[file:hashes.SHA256 = '6aad1408a72e7adc88c2e60631a6eee3d77f18a70e4eee868623588612efdd31' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:02:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3352e8-2f2c-4dbd-9eff-457f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T10:01:35.000Z",
"modified": "2018-06-27T10:01:35.000Z",
"description": "PLAINTEE - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = '7c65565dcf5b40bd8358472d032bc8fb' AND file:hashes.SHA1 = 'ac3f20ddc2567af0b050c672ecd59dddab1fe55e' AND file:hashes.SHA256 = 'b099c31515947f0e86eed0c26c76805b13ca2d47ecbdb61fd07917732e38ae78' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T10:01:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3352f9-5c88-4d97-b859-4b93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:03:53.000Z",
"modified": "2018-06-27T09:03:53.000Z",
"description": "PLAINTEE",
"pattern": "[file:hashes.SHA256 = 'bcd37f1d625772c162350e5383903fe8dbed341ebf0dc38035be5078624c039e' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:03:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33530d-aa10-4f2b-b024-449f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:04:13.000Z",
"modified": "2018-06-27T09:04:13.000Z",
"description": "PLAINTEE",
"pattern": "[file:hashes.SHA256 = '9f779d920443d50ef48d4abfa40b43f5cb2c4eb769205b973b115e04f3b978f5' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:04:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3354cd-2058-4b73-9df3-4133950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:37:33.000Z",
"modified": "2018-06-27T09:37:33.000Z",
"description": "Loader - Delivery via DLL Loader",
"pattern": "[file:hashes.SHA256 = '0bb20a9570a9b1e3a72203951268ffe83af6dcae7342a790fe195a2ef109d855' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:37:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:12:29.000Z",
"modified": "2018-06-27T09:12:29.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'facebook-apps.com' AND domain-name:resolves_to_refs[*].value = '89.46.222.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b335b27-0e54-43fb-970a-4c73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:38:47.000Z",
"modified": "2018-06-27T09:38:47.000Z",
"description": "DDKONg - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = '6fa5bcedaf124cdaccfa5548eed7f4b0' AND file:hashes.SHA1 = '25ba920cb440b4a1c127c8eb0fb23ee783c9e01a' AND file:hashes.SHA256 = '119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b335c5b-9a8c-4f72-a350-4591950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T09:43:55.000Z",
"modified": "2018-06-27T09:43:55.000Z",
"description": "Plugin downloaded during runtime for DDKong sample.DDKong sample - PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"pattern": "[file:hashes.MD5 = 'a5164c686c405734b7362bc6b02488cb' AND file:hashes.SHA1 = '03defdda9397e7536cf39951246483a0339ccd35' AND file:hashes.SHA256 = '0517b62233c9574cb24b78fb533f6e92d35bc6451770f9f6001487ff9c154ad7' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T09:43:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b338cf5-09c4-49a2-9488-6911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:11:17.000Z",
"modified": "2018-06-27T13:11:17.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = 'c78fef9ef931ffc559ea416d45dc6f43574f524ba073713fddb79e4f8ec1a319' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:11:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b338d23-d4e0-4283-b2a1-6911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:12:03.000Z",
"modified": "2018-06-27T13:12:03.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '0f102e66bc2df4d14dc493ba8b93a88f6b622c168e0c2b63d0ceb7589910999d' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:12:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b338d3d-b4a8-4b78-9ec1-6911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:12:29.000Z",
"modified": "2018-06-27T13:12:29.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '82e1e296403be99129aced295e1c12fbb23f871c6fa2acafab9e08d9a728cb96' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:46.000Z",
"modified": "2018-07-03T09:11:46.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:02.000Z",
"modified": "2018-06-27T13:18:02.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:46.000Z",
"modified": "2018-07-03T09:11:46.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:07.000Z",
"modified": "2018-06-27T13:18:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:46.000Z",
"modified": "2018-07-03T09:11:46.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:11.000Z",
"modified": "2018-06-27T13:18:11.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:46.000Z",
"modified": "2018-07-03T09:11:46.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:14.000Z",
"modified": "2018-06-27T13:18:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:47.000Z",
"modified": "2018-07-03T09:11:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:17.000Z",
"modified": "2018-06-27T13:18:17.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:47.000Z",
"modified": "2018-07-03T09:11:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:21.000Z",
"modified": "2018-06-27T13:18:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:47.000Z",
"modified": "2018-07-03T09:11:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:30.000Z",
"modified": "2018-06-27T13:18:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:47.000Z",
"modified": "2018-07-03T09:11:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:36.000Z",
"modified": "2018-06-27T13:18:36.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:47.000Z",
"modified": "2018-07-03T09:11:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:18:39.000Z",
"modified": "2018-06-27T13:18:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3390c0-6268-40af-9ab0-68df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:27:28.000Z",
"modified": "2018-06-27T13:27:28.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '84607a2abfd64d61299b0313337e85dd371642e9654b12288c8a1fc7c8c1cf0a' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:27:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3390d6-42fc-46d2-b142-6861950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:27:50.000Z",
"modified": "2018-06-27T13:27:50.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = 'a725abb8fe76939f0e0532978eacd7d4afb4459bb6797ec32a7a9f670778bd7e' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3390e7-57f0-4f04-879a-4bb9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:28:07.000Z",
"modified": "2018-06-27T13:28:07.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '15f4c0a589dff62200fd7c885f1e7aa8863b8efa91e23c020de271061f4918eb' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:28:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3390f7-4030-4aa5-b421-3027950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:28:23.000Z",
"modified": "2018-06-27T13:28:23.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '9996e108ade2ef3911d5d38e9f3c1deb0300aa0a82d33e36d376c6927e3ee5af' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:28:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b339125-37a4-4213-bc65-4e4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:29:09.000Z",
"modified": "2018-06-27T13:29:09.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '18e102201409237547ab2754daa212cc1454f32c993b6e10a0297b0e6a980823' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:29:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33913d-8114-4770-a12b-68df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:29:33.000Z",
"modified": "2018-06-27T13:29:33.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = 'b8528c8e325db76b139d46e9f29835382a1b48d8941c47060076f367539c2559' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:29:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b339151-0254-4c6c-a8a6-44fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:29:53.000Z",
"modified": "2018-06-27T13:29:53.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '01315e211bac543195f2c703033ba31b229001f844854b147c4b2a0973a7d17b' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b339163-3204-4054-bb53-4e3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:30:11.000Z",
"modified": "2018-06-27T13:30:11.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = 'df14de6b43f902ac8c35ecf0582ddb33e12e682700eb55dc4706b73f5aed40f6' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:30:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b339174-eafc-4de2-873a-da6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:30:28.000Z",
"modified": "2018-06-27T13:30:28.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '177906cb9170adc26082e44d9ad1b3fbdcba7c0b57e28b614c1b66cc4a99f906' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:30:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b339189-bcf4-44cc-908a-6911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:30:49.000Z",
"modified": "2018-06-27T13:30:49.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '113ae6f4d6a2963d5c9a7f42f782b176da096d17296f5a546433f7f27f260895' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:30:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b33919b-c95c-4f0b-ac98-689c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:31:07.000Z",
"modified": "2018-06-27T13:31:07.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '119572fafe502907e1d036cdf76f62b0308b2676ebdfc3a51dbab614d92bc7d0' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:31:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3391b7-53c8-4a3a-aceb-dee7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:31:35.000Z",
"modified": "2018-06-27T13:31:35.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '5afbee76af2a09c173cf782fd5e51b5076b87f19b709577ddae1c8e5455fc642' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:31:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b3391c8-0bf4-4091-bff9-da6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-27T13:31:52.000Z",
"modified": "2018-06-27T13:31:52.000Z",
"description": "DDKONG",
"pattern": "[file:hashes.SHA256 = '128adaba3e6251d1af305a85ebfaafb2a8028eed3b9b031c54176ca7cef539d2' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-27T13:31:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:47.000Z",
"modified": "2018-07-03T09:11:47.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:45.000Z",
"modified": "2018-07-03T09:11:45.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:54.000Z",
"modified": "2018-07-03T09:11:54.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:53.000Z",
"modified": "2018-07-03T09:11:53.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:57.000Z",
"modified": "2018-07-03T09:11:57.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:55.000Z",
"modified": "2018-07-03T09:11:55.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:00.000Z",
"modified": "2018-07-03T09:12:00.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:11:58.000Z",
"modified": "2018-07-03T09:11:58.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:03.000Z",
"modified": "2018-07-03T09:12:03.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:01.000Z",
"modified": "2018-07-03T09:12:01.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:06.000Z",
"modified": "2018-07-03T09:12:06.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:05.000Z",
"modified": "2018-07-03T09:12:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:10.000Z",
"modified": "2018-07-03T09:12:10.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:08.000Z",
"modified": "2018-07-03T09:12:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:12.000Z",
"modified": "2018-07-03T09:12:12.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:10.000Z",
"modified": "2018-07-03T09:12:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:15.000Z",
"modified": "2018-07-03T09:12:15.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:13.000Z",
"modified": "2018-07-03T09:12:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:17.000Z",
"modified": "2018-07-03T09:12:17.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:15.000Z",
"modified": "2018-07-03T09:12:15.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:19.000Z",
"modified": "2018-07-03T09:12:19.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:18.000Z",
"modified": "2018-07-03T09:12:18.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:22.000Z",
"modified": "2018-07-03T09:12:22.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-07-03T09:12:20.000Z",
"modified": "2018-07-03T09:12:20.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--d3ba6b9b-1a6a-45c6-8bb3-f48db75529a1",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T09:17:36.000Z",
"modified": "2018-06-27T09:17:36.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5b3352a3-669c-429e-93c5-4079950d210f",
"target_ref": "indicator--5b334872-9e80-4ce8-80c8-49df950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--088843cf-50cf-467f-a73e-0b5f3f0a4931",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T09:12:49.000Z",
"modified": "2018-06-27T09:12:49.000Z",
"relationship_type": "connected-to",
"source_ref": "indicator--5b3354cd-2058-4b73-9df3-4133950d210f",
"target_ref": "indicator--5b3354fd-c4c4-482f-a3e3-4bdb950d210f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--62ca2d95-c13c-48dc-8c4f-fbccb4b1e16d",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:42.000Z",
"modified": "2018-06-27T13:18:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--48ba6e13-09f5-446b-9696-dd43ff1924a7",
"target_ref": "x-misp-object--3b010446-7afc-4607-bdf2-7d1e0f550f4a"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--8b8d7455-bcd3-4e8e-907f-09ee26e546ef",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--2191df90-0868-4154-9da7-ebb1fc04afb8",
"target_ref": "x-misp-object--4b87e0fc-b38b-40a1-bb46-402498c0e827"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--0c89cbcf-a19f-4d3b-a413-d0660c96b513",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--56bba473-0d45-4b8c-8d1d-b722ebc2aefa",
"target_ref": "x-misp-object--3791a2f2-8068-4583-845d-d0a38d0d5f11"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--fad1ab4e-6d7f-4dd0-b980-09f20a616a5a",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--2e2c8997-8848-4d46-8f1d-172737e258ce",
"target_ref": "x-misp-object--994f5e7a-bbff-4ccd-b521-4af728076b9b"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--d890abac-3ec5-4fd8-bafe-e85c4b037c23",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--bad2cd96-e6c3-487a-8935-28ef07751b2d",
"target_ref": "x-misp-object--fa8aae14-51ae-4de9-9813-238d85ffcc42"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--86a64e8c-74fd-46d5-a5a7-f2f7c8a557e0",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--5e7b0cd5-84eb-4c69-beb2-7f7db2ad6101",
"target_ref": "x-misp-object--bed6e009-2d42-47a0-84f1-12427f4ff522"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--f18f37ae-10f6-4503-936b-7bbeb8a0799f",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--365db456-80ba-443a-b956-843a1a4cb7a8",
"target_ref": "x-misp-object--84129c9d-378e-477f-90b6-c754134a86a1"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--5802278b-f6a2-4b11-9d3e-32abc29e319e",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--3deff8a7-8e00-4b54-a4bf-1fcdd7bf387f",
"target_ref": "x-misp-object--2e6a29ad-5626-4495-bbfd-35acdee329e0"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--c656a06d-c850-476c-b8fa-58537f923f13",
2023-04-21 14:44:17 +00:00
"created": "2018-06-27T13:18:43.000Z",
"modified": "2018-06-27T13:18:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--5a837ade-bafe-45f2-816f-03095c0e0135",
"target_ref": "x-misp-object--34f23e73-32cb-434e-837b-f4d22a714360"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--58692890-1f9f-47a7-9788-54acc91c4ec5",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:23.000Z",
"modified": "2018-07-03T09:12:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--019a94d0-c591-4b83-94aa-daff7409c321",
"target_ref": "x-misp-object--db6b617b-49c8-43b4-8908-afe5af51cee7"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--16e3ee75-2f5f-4d74-ae8b-a587c58ab0f5",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:23.000Z",
"modified": "2018-07-03T09:12:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--d828cbe9-16af-4937-ada0-720c7367914b",
"target_ref": "x-misp-object--c92cf1ba-27fb-41a2-8ca0-cce941a58606"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--2eacbfff-105c-41d1-8455-bd212a625209",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:23.000Z",
"modified": "2018-07-03T09:12:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--ea16e710-32df-4c89-b829-35a82d88c511",
"target_ref": "x-misp-object--c0504c9d-3f68-4187-b5ab-c27a322a30e9"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--899272ff-522a-4f82-9866-0bb966638c9f",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:23.000Z",
"modified": "2018-07-03T09:12:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--095c3d91-1477-4199-89d0-a8eae5dc7c40",
"target_ref": "x-misp-object--4968cfb4-ca59-44f4-bdbf-694750b99d4c"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--497d01ce-4984-4168-9bea-a8b4678e5ed6",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:23.000Z",
"modified": "2018-07-03T09:12:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--de4c3619-8744-47c3-b8cd-6fda495bd942",
"target_ref": "x-misp-object--df29dca7-7156-4cfe-a8ba-3ccd39c0cec5"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--3c65cfc2-b00d-4180-a9c6-00b526f9c237",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:23.000Z",
"modified": "2018-07-03T09:12:23.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--7b66e013-aa3e-47f4-8332-2b066e66a6e6",
"target_ref": "x-misp-object--a1cacbf6-59f6-415f-baff-edff18badf81"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--3c639674-6c85-4238-8cb6-cf7ea70b5551",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:24.000Z",
"modified": "2018-07-03T09:12:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--0f4fd687-aa8e-457d-84fd-42c38b4c82a3",
"target_ref": "x-misp-object--303af87f-901c-403e-9f6d-1d3d82fdaa16"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--2455e4ba-3770-4b50-bf5f-9a20198733e7",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:24.000Z",
"modified": "2018-07-03T09:12:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--90d4404c-2895-4d88-ab4e-d996ba26c724",
"target_ref": "x-misp-object--6ec49067-5762-48e9-9fbd-28092708d5ba"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--01f4c19e-5d11-47c4-a07b-22f53e2018be",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:24.000Z",
"modified": "2018-07-03T09:12:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--1e424c4b-7b22-435e-bbee-376e02c27c01",
"target_ref": "x-misp-object--20ddb2fc-05bf-41a5-840f-987eb82ed0c4"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--8577fc18-488a-48b7-8c75-803b170e7577",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:24.000Z",
"modified": "2018-07-03T09:12:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--a6f4384b-c7bb-466b-bd50-905a7c5ae4c8",
"target_ref": "x-misp-object--e281f0e7-57ca-4348-ae1c-79b7de45d17f"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--bb07e7ae-fb5c-401c-8967-a0ff64a4876c",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:24.000Z",
"modified": "2018-07-03T09:12:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--9942331c-fb6a-48ca-8a9d-8c088b87eceb",
"target_ref": "x-misp-object--91446d13-bed9-4a80-9b2f-b2fed41ef4c8"
},
{
"type": "relationship",
"spec_version": "2.1",
2023-12-14 14:30:15 +00:00
"id": "relationship--9907fa29-4f6d-4df4-9014-3637b656781d",
2023-04-21 14:44:17 +00:00
"created": "2018-07-03T09:12:24.000Z",
"modified": "2018-07-03T09:12:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--442da37d-2272-45e1-b75c-ef0ca6c63019",
"target_ref": "x-misp-object--a833bc24-8211-4579-86d9-4f756414083c"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}