2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--5bb5d045-acf8-42ac-97ce-45c5950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T09:01:50.000Z" ,
"modified" : "2018-10-04T09:01:50.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5bb5d045-acf8-42ac-97ce-45c5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T09:01:50.000Z" ,
"modified" : "2018-10-04T09:01:50.000Z" ,
"name" : "OSINT - Indicators of Compromise for Malware used by APT28" ,
"published" : "2018-10-04T09:03:37Z" ,
"object_refs" : [
"observed-data--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f" ,
"url--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f" ,
"indicator--5bb5d166-9890-499a-a671-c4b3950d210f" ,
"indicator--5bb5d167-d8ac-415a-9ca1-c4b3950d210f" ,
"indicator--5bb5d167-81c4-4f97-b256-c4b3950d210f" ,
"indicator--5bb5d169-71cc-4869-ae98-c4b3950d210f" ,
"indicator--5bb5d169-16d8-4961-aa8b-c4b3950d210f" ,
"indicator--5bb5d16a-a108-4237-b8a8-c4b3950d210f" ,
"indicator--5bb5d16a-f3cc-4ca9-80d9-c4b3950d210f" ,
"indicator--5bb5d16a-2780-4012-a411-c4b3950d210f" ,
"indicator--5bb5d16b-b5d0-47fe-824c-c4b3950d210f" ,
"indicator--5bb5d16b-bf50-4cea-b981-c4b3950d210f" ,
"indicator--5bb5d16c-4910-4922-8e60-c4b3950d210f" ,
"indicator--5bb5d16c-d10c-4be3-a955-c4b3950d210f" ,
"indicator--5bb5d16d-cf00-4e63-91b3-c4b3950d210f" ,
"indicator--5bb5d16d-a53c-4321-9eea-c4b3950d210f" ,
"indicator--5bb5d16e-b670-42a3-add0-c4b3950d210f" ,
"indicator--5bb5d1ca-3df4-4822-bd62-c1ce950d210f" ,
"indicator--5bb5d1cb-d934-4924-986f-c1ce950d210f" ,
"indicator--5bb5d1cc-ee40-470d-b092-c1ce950d210f" ,
"indicator--5bb5d1cc-c3f0-472c-b8d5-c1ce950d210f" ,
"indicator--5bb5d1cc-0d70-47be-8c1f-c1ce950d210f" ,
"indicator--5bb5d1cd-6ee0-4029-9050-c1ce950d210f" ,
"indicator--5bb5d1cd-57f8-46ca-a83c-c1ce950d210f" ,
"indicator--5bb5d1ce-df28-4687-b97a-c1ce950d210f" ,
"indicator--5bb5d1ce-ffa0-4a69-a827-c1ce950d210f" ,
"indicator--5bb5d1cf-6d5c-4f9a-90a7-c1ce950d210f" ,
"indicator--5bb5d1cf-9f9c-4d21-bbba-c1ce950d210f" ,
"indicator--5bb5d1d0-5b5c-4074-bf11-c1ce950d210f" ,
"indicator--5bb5d1d2-2464-4f9b-95e5-c1ce950d210f" ,
"indicator--5bb5d1d6-b204-48ce-a655-c1ce950d210f" ,
"indicator--5bb5d1d7-333c-4291-9538-c1ce950d210f" ,
"indicator--5bb5d1d7-0da4-4af0-a0e6-c1ce950d210f" ,
"indicator--5bb5d1d8-73d0-4aaf-a912-c1ce950d210f" ,
"indicator--5bb5d1d8-09c0-4dcc-b662-c1ce950d210f" ,
"indicator--5bb5d1d9-6a78-4e6c-b5a1-c1ce950d210f" ,
"indicator--5bb5d1d9-f01c-43c8-9798-c1ce950d210f" ,
"indicator--5bb5d1da-c230-40cc-9174-c1ce950d210f" ,
"indicator--5bb5d1da-2c88-46f0-9d33-c1ce950d210f" ,
"indicator--5bb5d1db-13ac-464b-93e9-c1ce950d210f" ,
"indicator--5bb5d1db-2e8c-4af8-bcfe-c1ce950d210f" ,
"indicator--5bb5d1db-a804-4da6-8a19-c1ce950d210f" ,
"indicator--5bb5d1dc-b4cc-4d04-8b28-c1ce950d210f" ,
"indicator--5bb5d1dc-3a0c-44a2-95c1-c1ce950d210f" ,
"indicator--5bb5d1dd-0614-4c6f-bf02-c1ce950d210f" ,
"indicator--5bb5d1dd-8474-4dfc-938c-c1ce950d210f" ,
"indicator--5bb5d1de-7174-4cc8-9a17-c1ce950d210f" ,
"indicator--5bb5d1de-54c0-43e9-8dc3-c1ce950d210f" ,
"indicator--5bb5d1df-3b1c-44e7-90b8-c1ce950d210f" ,
"indicator--5bb5d1df-699c-40dc-b6d5-c1ce950d210f" ,
"indicator--5bb5d1e0-9604-4c74-849c-c1ce950d210f" ,
"indicator--5bb5d1e0-2504-4112-88f4-c1ce950d210f" ,
"indicator--5bb5d1e0-29d8-4e71-bec6-c1ce950d210f" ,
"indicator--5bb5d1e1-111c-4871-99e8-c1ce950d210f" ,
"indicator--5bb5d1e4-b89c-4cf8-84d5-c1ce950d210f" ,
"indicator--5bb5d1e6-e000-49f7-a4ee-c1ce950d210f" ,
"indicator--5bb5d1e7-e364-4e33-ba48-c1ce950d210f" ,
"indicator--5bb5d1e8-2464-4d1e-87bd-c1ce950d210f" ,
"indicator--5bb5d1e8-a384-4de3-805c-c1ce950d210f" ,
"indicator--5bb5d1e9-567c-45b7-9103-c1ce950d210f" ,
"indicator--5bb5d244-d7ac-487b-acb8-347d950d210f" ,
"indicator--5bb5d25b-fbc8-4a6b-9fb8-ef06950d210f" ,
"indicator--5bb5d27b-901c-4bdb-90f8-c448950d210f" ,
"indicator--5bb5d2f9-3b6c-4b33-a7ef-c472950d210f" ,
"indicator--5bb5d2fa-72e4-4f7e-b41d-c472950d210f" ,
"indicator--5bb5d2fa-5c08-4396-b9cd-c472950d210f" ,
"indicator--5bb5d2fa-ea80-4f30-99fe-c472950d210f" ,
"indicator--5bb5d329-86c4-44ba-bf2a-c1ce950d210f" ,
"indicator--5bb5d329-b624-414f-b52d-c1ce950d210f" ,
"indicator--5bb5d32c-6704-4d4f-99e8-c1ce950d210f" ,
"indicator--5bb5d32d-6c70-44bf-87af-c1ce950d210f" ,
"indicator--5bb5d32d-ef70-4882-ac34-c1ce950d210f" ,
"indicator--5bb5d32e-2f2c-473d-809a-c1ce950d210f" ,
"indicator--5bb5d330-9880-45a6-af27-c1ce950d210f" ,
"indicator--5bb5d331-46c0-4bcc-9db4-c1ce950d210f" ,
"indicator--5bb5d331-7ce0-4875-aea8-c1ce950d210f" ,
"indicator--5bb5d331-e3e0-4d37-a87b-c1ce950d210f" ,
"indicator--5bb5d332-55a0-47ca-97c0-c1ce950d210f" ,
"indicator--5bb5d332-4c88-48ba-b4da-c1ce950d210f" ,
"indicator--5bb5d333-90b8-42a7-b2dd-c1ce950d210f" ,
"indicator--5bb5d333-2b4c-447e-a336-c1ce950d210f" ,
"indicator--5bb5d334-b85c-4214-a3f9-c1ce950d210f" ,
"indicator--5bb5d334-0ffc-4ccd-8dca-c1ce950d210f" ,
"indicator--5bb5d335-40c0-45df-9473-c1ce950d210f" ,
"indicator--5bb5d335-6358-408b-bbd9-c1ce950d210f" ,
"indicator--5bb5d378-41b4-4b13-a739-c1cf950d210f" ,
"indicator--5bb5d3a6-3140-4a82-88ee-ef05950d210f" ,
"indicator--5bb5d3c9-dfa4-4e25-a4f1-c1bd950d210f" ,
"indicator--5bb5d3cf-c108-4b0b-bcce-c1bd950d210f" ,
"indicator--5bb5d3d1-de18-4c22-b9fa-c1bd950d210f" ,
"indicator--5bb5d3d4-8ef4-4288-8c7a-c1bd950d210f" ,
"indicator--5bb5d3db-3010-4743-9545-c1bd950d210f" ,
"indicator--5bb5d3dd-0bd4-4c9c-8b2e-c1bd950d210f" ,
"indicator--5bb5d43c-dbac-4b0b-8b1d-c1bd950d210f" ,
"indicator--5bb5d43f-ea80-4cac-a371-c1bd950d210f" ,
"indicator--5bb5d47b-2248-4fe5-9cde-c472950d210f" ,
"indicator--5bb5d47e-d378-4536-8004-c472950d210f" ,
"indicator--5bb5d480-a5a8-471d-986f-c472950d210f" ,
"indicator--5bb5d484-8ae8-47e3-b684-c472950d210f" ,
"indicator--5bb5d486-c108-438c-81ac-c472950d210f" ,
"indicator--5bb5d48f-2934-46d2-a216-c472950d210f" ,
"indicator--5bb5d4c5-272c-4e74-9c60-fa9a950d210f" ,
"indicator--5bb5d500-7ee4-45c6-bd0c-c4b1950d210f" ,
"indicator--5bb5d503-ac48-47ee-af45-c4b1950d210f" ,
"indicator--5bb5d518-6338-482f-a79c-c448950d210f" ,
"indicator--caa8d31d-eb67-43f6-8999-5509553133ec" ,
"x-misp-object--674e1271-97d4-41e3-91d0-54c6bbf08991" ,
"indicator--485ae42f-750e-4236-a90f-160868391c0b" ,
"x-misp-object--8bd069b9-50a6-405a-ac7a-2b37c349c988" ,
"indicator--5ae8b212-92e6-41bb-a081-ce4048cd35cd" ,
"x-misp-object--bb0904bb-62d2-4005-bff9-eec2f9714288" ,
"indicator--0bd5f889-77cf-401b-a393-461130ea63de" ,
"x-misp-object--88f4c7c3-4777-4590-8e27-931fe204135c" ,
"indicator--d4c3355f-a6ff-4aad-b733-effa1fa3f446" ,
"x-misp-object--64589ade-c0e3-46cb-8dc9-bd2b8e03958d" ,
"indicator--8a110b38-0dad-4295-b40f-fb60fb395e8f" ,
"x-misp-object--5afd32c5-ee31-48c3-ba20-0a1f10b339e6" ,
"indicator--b063122d-ef2d-47dc-b3d1-7efb48e23569" ,
"x-misp-object--1181b169-e791-49d6-af39-3729a8a9859b" ,
"indicator--37b700a5-e7a6-4b89-b39f-639dc8d788e4" ,
"x-misp-object--05e3f750-290b-4985-ba2e-b639851b0ddf" ,
"indicator--a67002ca-f1b7-4ae5-89b7-92ae322384c4" ,
"x-misp-object--6490158f-6e4a-4b70-8615-db28a126e06f" ,
"indicator--a48848a5-0b95-4b22-a285-de582b5e4213" ,
"x-misp-object--80a96246-61ca-4ad7-92ee-1fec639cc36c" ,
2023-12-14 14:30:15 +00:00
"relationship--a4d24152-f18d-42f3-9404-a09dd6d28863" ,
"relationship--6ca06ca1-33a7-4203-ad8e-1d6b420a0814" ,
"relationship--365e2dd4-dcb2-43a8-8fe8-0feb527035ec" ,
"relationship--bc3def28-50c4-4438-93ac-86f604ef8216" ,
"relationship--b8160e2d-15cd-4a1d-9070-d0d9dd88a716" ,
"relationship--1a798611-1b9c-4648-b68b-20cceac29e24" ,
"relationship--260a1904-f88d-4223-8c0c-87574e07a6c8" ,
"relationship--5c12bdc2-76a2-4a11-9f10-e646a785c5ea" ,
"relationship--7149954c-13e9-477a-a0ac-1d9e8d15a5af" ,
"relationship--b8ab9ecf-f6c9-4bc0-9736-9482afa6c23b"
2023-04-21 14:44:17 +00:00
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:threat-actor=\"Sofacy\"" ,
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"" ,
"misp-galaxy:tool=\"X-Tunnel\"" ,
"misp-galaxy:tool=\"X-Agent\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"first_observed" : "2018-10-04T08:42:57Z" ,
"last_observed" : "2018-10-04T08:42:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5bb5d10c-0674-4b1c-bfc8-c4b3950d210f" ,
"value" : "https://www.ncsc.gov.uk/alerts/indicators-compromise-malware-used-apt28"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d166-9890-499a-a671-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.5.177.205']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d167-d8ac-415a-9ca1-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.255.6.15']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d167-81c4-4f97-b256-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.107']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d169-71cc-4869-ae98-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.106.131.229']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d169-16d8-4961-aa8b-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '139.5.177.206']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16a-a108-4237-b8a8-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.181.102.203']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16a-f3cc-4ca9-80d9-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.181.102.204']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16a-2780-4012-a411-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.239.129.31']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16b-b5d0-47fe-824c-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'malaytravelgroup.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16b-bf50-4cea-b981-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'worldimagebucket.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16c-4910-4922-8e60-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'fundseats.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16c-d10c-4be3-a955-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'globaltechengineers.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16d-cf00-4e63-91b3-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'beststreammusic.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16d-a53c-4321-9eea-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'thepiratecinemaclub.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d16e-b670-42a3-add0-c4b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'coindmarket.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1ca-3df4-4822-bd62-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.252.247.112']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cb-d934-4924-986f-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.15']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cc-ee40-470d-b092-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cc-c3f0-472c-b8d5-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.150.205']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cc-0d70-47be-8c1f-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.37.255.10']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cd-6ee0-4029-9050-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:39:41.000Z" ,
"modified" : "2018-10-04T08:39:41.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.12.50.171']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:39:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cd-57f8-46ca-a83c-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.38.128.110']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1ce-df28-4687-b97a-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.144.83.124']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1ce-ffa0-4a69-a827-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.216.35.10']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cf-6d5c-4f9a-90a7-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.94.192.122']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1cf-9f9c-4d21-bbba-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.216.35.7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d0-5b5c-4074-bf11-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.253.41.124']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d2-2464-4f9b-95e5-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.189.112.195']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d6-b204-48ce-a655-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.230.124.246']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d7-333c-4291-9538-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.120.254.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d7-0da4-4af0-a0e6-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:39:51.000Z" ,
"modified" : "2018-10-04T08:39:51.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.81.98.122']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:39:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d8-73d0-4aaf-a912-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.34.111.132']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d8-09c0-4dcc-b662-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.21.147.55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d9-6a78-4e6c-b5a1-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.208.86.57']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1d9-f01c-43c8-9798-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.128.24.104']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1da-c230-40cc-9174-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '145.239.67.8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1da-2c88-46f0-9d33-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.210.219.250']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1db-13ac-464b-93e9-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.9.174']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1db-2e8c-4af8-bcfe-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'creekcounty.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1db-a804-4da6-8a19-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'virtsvc.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1dc-b4cc-4d04-8b28-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'moderntips.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1dc-3a0c-44a2-95c1-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'daysheduler.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1dd-0614-4c6f-bf02-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'escochart.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1dd-8474-4dfc-938c-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'loungecinemaclub.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1de-7174-4cc8-9a17-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'genericnetworkaddress.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1de-54c0-43e9-8dc3-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'bulgariatripholidays.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1df-3b1c-44e7-90b8-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'georgia-travel.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1df-699c-40dc-b6d5-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'bbcweather.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e0-9604-4c74-849c-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'politicweekend.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e0-2504-4112-88f4-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'truefashionnews.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e0-29d8-4e71-bec6-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'protonhardstorage.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e1-111c-4871-99e8-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'moldtravelgroup.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e4-b89c-4cf8-84d5-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'iboxmit.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e6-e000-49f7-a4ee-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'brownvelocity.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e7-e364-4e33-ba48-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'pointtk.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e8-2464-4d1e-87bd-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'narrowpass.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e8-a384-4de3-805c-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'powernoderesources.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d1e9-567c-45b7-9103-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[domain-name:value = 'topcinemaclub.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d244-d7ac-487b-acb8-347d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg: \"XAgent Beacon\"; content:\"HTTP/1.1|0d 0a|Accept|3a|text/html,application/xhtml+xml,application/xml|3b|q=0.9,*\";!\"Host|3a| yandex.ru\";; pcre: \"/^(?:GET|POST)\\ /(?:watch|search|find|results|open|search|close)\\/\\?(?:text=|from=|aq=|ai=|ags=|oe=|btnG=|oprnd=|utm=|channel=|itwm=)/\";)]" ,
"pattern_type" : "snort" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"snort\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d25b-fbc8-4a6b-9fb8-ef06950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg:: \"XAgent itwm beacon v1\"; content:\"/?itwm\"; fast_pattern; pcre: \"/itwm=[A-Za-z0-9\\-\\_]{29,35}/\";)]" ,
"pattern_type" : "snort" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"snort\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d27b-901c-4bdb-90f8-c448950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:42:57.000Z" ,
"modified" : "2018-10-04T08:42:57.000Z" ,
"description" : "X-Agent" ,
"pattern" : "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg:: \"XAgent itwm beacon v2\"; content:\"&itwm\"; fast_pattern; pcre: \"/&itwm=[A-Za-z0-9\\-\\_]{29,35}/\";)]" ,
"pattern_type" : "snort" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-10-04T08:42:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"snort\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d2f9-3b6c-4b33-a7ef-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:44:41.000Z" ,
"modified" : "2018-10-04T08:44:41.000Z" ,
"description" : "X-Agent - chost.exe" ,
"pattern" : "[file:hashes.SHA1 = '46e2957e699fae6de1a212dd98ba4e2bb969497d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:44:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d2fa-72e4-4f7e-b41d-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:44:42.000Z" ,
"modified" : "2018-10-04T08:44:42.000Z" ,
"description" : "X-Agent - msoutlook.dll" ,
"pattern" : "[file:hashes.SHA1 = 'c53930772beb2779d932655d6c3de5548810af3d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:44:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d2fa-5c08-4396-b9cd-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:44:42.000Z" ,
"modified" : "2018-10-04T08:44:42.000Z" ,
"description" : "X-Agent - Samp_(16).file" ,
"pattern" : "[file:hashes.SHA1 = 'fa695e88c87843ca0ba9fc04b176899ff90e9ac5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:44:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d2fa-ea80-4f30-99fe-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:44:42.000Z" ,
"modified" : "2018-10-04T08:44:42.000Z" ,
"description" : "X-Agent - outlook.dll" ,
"pattern" : "[file:hashes.SHA1 = '046a8adc2ef0f68107e96babc59f41b6f0a57803']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:44:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d329-86c4-44ba-bf2a-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:29.000Z" ,
"modified" : "2018-10-04T08:45:29.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.151.2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d329-b624-414f-b52d-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:29.000Z" ,
"modified" : "2018-10-04T08:45:29.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.21.147.76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d32c-6704-4d4f-99e8-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:32.000Z" ,
"modified" : "2018-10-04T08:45:32.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.21.147.71']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d32d-6c70-44bf-87af-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:33.000Z" ,
"modified" : "2018-10-04T08:45:33.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.208.10.66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d32d-ef70-4882-ac34-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:33.000Z" ,
"modified" : "2018-10-04T08:45:33.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.151.104']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d32e-2f2c-473d-809a-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:34.000Z" ,
"modified" : "2018-10-04T08:45:34.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.149.116']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d330-9880-45a6-af27-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:36.000Z" ,
"modified" : "2018-10-04T08:45:36.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.106.131.54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d331-46c0-4bcc-9db4-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:37.000Z" ,
"modified" : "2018-10-04T08:45:37.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.181.102.201']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d331-7ce0-4875-aea8-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:37.000Z" ,
"modified" : "2018-10-04T08:45:37.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.43.158.20']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d331-e3e0-4d37-a87b-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:37.000Z" ,
"modified" : "2018-10-04T08:45:37.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.204.124.77']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d332-55a0-47ca-97c0-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:38.000Z" ,
"modified" : "2018-10-04T08:45:38.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.184']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d332-4c88-48ba-b4da-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:38.000Z" ,
"modified" : "2018-10-04T08:45:38.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.183.107.40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d333-90b8-42a7-b2dd-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:39.000Z" ,
"modified" : "2018-10-04T08:45:39.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.94.191.65']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d333-2b4c-447e-a336-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:39.000Z" ,
"modified" : "2018-10-04T08:45:39.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.150']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d334-b85c-4214-a3f9-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:40.000Z" ,
"modified" : "2018-10-04T08:45:40.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.37.104.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d334-0ffc-4ccd-8dca-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:40.000Z" ,
"modified" : "2018-10-04T08:45:40.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.113.131.103']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d335-40c0-45df-9473-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:41.000Z" ,
"modified" : "2018-10-04T08:45:41.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.239.129.121']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d335-6358-408b-bbd9-c1ce950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:45:41.000Z" ,
"modified" : "2018-10-04T08:45:41.000Z" ,
"description" : "IP addresses have been used as Command and Control (C2) servers for APT28 LoJack communication" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '169.239.128.133']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:45:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d378-41b4-4b13-a739-c1cf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:46:48.000Z" ,
"modified" : "2018-10-04T08:46:48.000Z" ,
"description" : "The Snort rule provided may detect false positives due to CompuTrace/Lojack being legitimate software. The NCSC highly recommend 4 of 8network administrators assess their environment for the presence of CompuTrace/Lojack and adjust the signatures accordingly to exclude the legitimate use of CompuTrace." ,
"pattern" : "[alert tcp any any <> any any (flow: established; msg: \"APT28 -CompuTrace_Beacon_UserAgent\"; content: \"|0d0a|TagId|3a| \";fast_pattern; content: \"POST / \"; content:!\"namequery.com\";content:!\"Host: 209.53.113.\"; content:!\"dnssearch.org\";content:!\"Cookie:\"; content:!\"fnbcorporate.co.za\";content:!\"207.6.98.\"; pcre: \"/Mozilla\\/[0-9]{1,2}.[0-9]{1,2}\\(compatible\\; MSIE [0-9]{1,2}.[0-9]{1,2}\\;\\)\\x0d\\x0a/\";)]" ,
"pattern_type" : "snort" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-10-04T08:46:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"snort\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3a6-3140-4a82-88ee-ef05950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:47:34.000Z" ,
"modified" : "2018-10-04T08:47:34.000Z" ,
"description" : "SHA-1 hash of a CompuTrace file used by APT28 - filename dcbfd12321fa7c4fa9a72486ced578fdc00dcee79e6d95aa481791f044a55dll" ,
"pattern" : "[file:hashes.SHA1 = 'd70db6a6d660aae58ccfc688a2890391fd873bfb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:47:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3c9-dfa4-4e25-a4f1-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:48:59.000Z" ,
"modified" : "2018-10-04T08:48:59.000Z" ,
"description" : "XTUNNEL - picturecrawling.com" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.163.0.59']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:48:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3cf-c108-4b0b-bcce-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:48:15.000Z" ,
"modified" : "2018-10-04T08:48:15.000Z" ,
"description" : "XTUNNEL" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.123']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:48:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3d1-de18-4c22-b9fa-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:48:17.000Z" ,
"modified" : "2018-10-04T08:48:17.000Z" ,
"description" : "XTUNNEL" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.149.218']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:48:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3d4-8ef4-4288-8c7a-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:48:20.000Z" ,
"modified" : "2018-10-04T08:48:20.000Z" ,
"description" : "XTUNNEL" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.145.128.80']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:48:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3db-3010-4743-9545-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:48:27.000Z" ,
"modified" : "2018-10-04T08:48:27.000Z" ,
"description" : "XTUNNEL" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.37.226.106']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:48:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d3dd-0bd4-4c9c-8b2e-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:48:29.000Z" ,
"modified" : "2018-10-04T08:48:29.000Z" ,
"description" : "XTUNNEL" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.238']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:48:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d43c-dbac-4b0b-8b1d-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:50:04.000Z" ,
"modified" : "2018-10-04T08:50:04.000Z" ,
"description" : "gpu.dll - XTUNNEL" ,
"pattern" : "[file:hashes.MD5 = '8dbe37dfb0d498f96fb7f1e09e9e5c8f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:50:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d43f-ea80-4cac-a371-c1bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:50:07.000Z" ,
"modified" : "2018-10-04T08:50:07.000Z" ,
"description" : "lncstnt.exe - XTUNNEL" ,
"pattern" : "[file:hashes.MD5 = '5086989639aed17227b8d6b041ef3163']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:50:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d47b-2248-4fe5-9cde-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:51:07.000Z" ,
"modified" : "2018-10-04T08:51:07.000Z" ,
"description" : "following IP addresses have been used for ZEBROCY victim communications" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.111.243']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:51:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d47e-d378-4536-8004-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:51:10.000Z" ,
"modified" : "2018-10-04T08:51:10.000Z" ,
"description" : "following IP addresses have been used for ZEBROCY victim communications" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.104.21.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:51:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d480-a5a8-471d-986f-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:51:12.000Z" ,
"modified" : "2018-10-04T08:51:12.000Z" ,
"description" : "following IP addresses have been used for ZEBROCY victim communications" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.241.68.118']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:51:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d484-8ae8-47e3-b684-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:51:16.000Z" ,
"modified" : "2018-10-04T08:51:16.000Z" ,
"description" : "following IP addresses have been used for ZEBROCY victim communications" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.153']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:51:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d486-c108-438c-81ac-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:51:18.000Z" ,
"modified" : "2018-10-04T08:51:18.000Z" ,
"description" : "following IP addresses have been used for ZEBROCY victim communications" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.93']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:51:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d48f-2934-46d2-a216-c472950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:51:27.000Z" ,
"modified" : "2018-10-04T08:51:27.000Z" ,
"description" : "following IP addresses have been used for ZEBROCY victim communications" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.124.132.127']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:51:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d4c5-272c-4e74-9c60-fa9a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:52:21.000Z" ,
"modified" : "2018-10-04T08:52:21.000Z" ,
"description" : "ZEBROCY victim communication" ,
"pattern" : "[alert tcp $HOME_NET any -> $EXTERNAL_NET any (flow:established,from_client; msg: \"APT28 - Web/request -FILE- content-type\"; content: \"-FILE-\"; pcre: \"/[A-Z0-9\\-]{16}-FILE-[^\\r\\n]+.tmp/\"]" ,
"pattern_type" : "snort" ,
2023-12-14 14:30:15 +00:00
"pattern_version" : "2.1" ,
2023-04-21 14:44:17 +00:00
"valid_from" : "2018-10-04T08:52:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"snort\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d500-7ee4-45c6-bd0c-c4b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:53:20.000Z" ,
"modified" : "2018-10-04T08:53:20.000Z" ,
"description" : "ZEBROCY file" ,
"pattern" : "[file:hashes.SHA1 = '913ac13ff245baeff843a99dc2cbc1ff5f8c025c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:53:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d503-ac48-47ee-af45-c4b1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:53:23.000Z" ,
"modified" : "2018-10-04T08:53:23.000Z" ,
"description" : "ZEBROCY file" ,
"pattern" : "[file:hashes.SHA1 = 'b758c7775d9bcdc0473fc2e738b32f05b464b175']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:53:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5bb5d518-6338-482f-a79c-c448950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:53:44.000Z" ,
"modified" : "2018-10-04T08:53:44.000Z" ,
"description" : "UpnP Error Handler" ,
"pattern" : "[file:hashes.SHA1 = '3e7dfe9a8d5955a825cb51cb6eec0cd07c569b41']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:53:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--caa8d31d-eb67-43f6-8999-5509553133ec" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:55:27.000Z" ,
"modified" : "2018-10-04T08:55:27.000Z" ,
"pattern" : "[file:hashes.MD5 = '5086989639aed17227b8d6b041ef3163' AND file:hashes.SHA1 = '5fa9f62b9616849e1f23ae3582f7d72eff030768' AND file:hashes.SHA256 = 'c5f8236e578a2b877fe538b2ef6f4aeceeb1b9cb73bba4d02fd368a5eb85cfab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:55:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--674e1271-97d4-41e3-91d0-54c6bbf08991" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:55:35.000Z" ,
"modified" : "2018-10-04T08:55:35.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-21T16:46:48" ,
"category" : "Other" ,
"uuid" : "6223a185-c824-4867-a415-02ecf1749930"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/c5f8236e578a2b877fe538b2ef6f4aeceeb1b9cb73bba4d02fd368a5eb85cfab/analysis/1537548408/" ,
"category" : "External analysis" ,
"uuid" : "b8dfbb91-e70f-4d1d-b69f-068f90e5409e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/64" ,
"category" : "Other" ,
"uuid" : "f4b84a8a-267d-4055-83ed-6bb5df945245"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--485ae42f-750e-4236-a90f-160868391c0b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:55:47.000Z" ,
"modified" : "2018-10-04T08:55:47.000Z" ,
"pattern" : "[file:hashes.MD5 = '8dbe37dfb0d498f96fb7f1e09e9e5c8f' AND file:hashes.SHA1 = '4c1f39ae7ac7cafc3554790b0d3cdc0136dc43d2' AND file:hashes.SHA256 = 'fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:55:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8bd069b9-50a6-405a-ac7a-2b37c349c988" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:55:56.000Z" ,
"modified" : "2018-10-04T08:55:56.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-24T12:43:53" ,
"category" : "Other" ,
"uuid" : "e05a496d-23ad-431f-9c3c-c7ad8b72c262"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/fc224a6cca956a59812a13e53ba08a279996ea2ee194fe20fb10170ca5c2db6a/analysis/1537793033/" ,
"category" : "External analysis" ,
"uuid" : "3681b6d3-8233-42cb-b947-5ec748df0093"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "43/66" ,
"category" : "Other" ,
"uuid" : "4a94b98c-18f3-43d2-87d2-5c0c83bd195b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ae8b212-92e6-41bb-a081-ce4048cd35cd" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:56:09.000Z" ,
"modified" : "2018-10-04T08:56:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '10036063be45f92a9a743425fbf5abc7' AND file:hashes.SHA1 = 'd70db6a6d660aae58ccfc688a2890391fd873bfb' AND file:hashes.SHA256 = '3f48dbbf86f29e01809550f4272a894ff4b09bd48b0637bd6745db84d2cec2b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:56:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--bb0904bb-62d2-4005-bff9-eec2f9714288" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:56:18.000Z" ,
"modified" : "2018-10-04T08:56:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-04T03:26:52" ,
"category" : "Other" ,
"uuid" : "1d1dcb0e-2b06-4bc5-a54f-71b6903a983a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3f48dbbf86f29e01809550f4272a894ff4b09bd48b0637bd6745db84d2cec2b6/analysis/1538623612/" ,
"category" : "External analysis" ,
"uuid" : "b98a15e8-cce7-4837-ac91-ad987e0c4628"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/67" ,
"category" : "Other" ,
"uuid" : "cef987d3-50f2-441d-9432-25bd46fe2aa9"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0bd5f889-77cf-401b-a393-461130ea63de" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:56:29.000Z" ,
"modified" : "2018-10-04T08:56:29.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd29899195c604f0615885bc6c2fdf7a8' AND file:hashes.SHA1 = 'fa695e88c87843ca0ba9fc04b176899ff90e9ac5' AND file:hashes.SHA256 = '86a588672837afdc1900ad9e78c7d0ae7a842bdd972dbdc5bdff2574a37f5acc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:56:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--88f4c7c3-4777-4590-8e27-931fe204135c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:56:34.000Z" ,
"modified" : "2018-10-04T08:56:34.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-27T00:32:44" ,
"category" : "Other" ,
"uuid" : "49596d84-c139-4047-b2ef-cce2037c1751"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/86a588672837afdc1900ad9e78c7d0ae7a842bdd972dbdc5bdff2574a37f5acc/analysis/1532651564/" ,
"category" : "External analysis" ,
"uuid" : "af68e965-cc52-439f-a26b-e179ad304d05"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "35/61" ,
"category" : "Other" ,
"uuid" : "0441ed29-7eb2-4777-a467-ca297b1c6789"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--d4c3355f-a6ff-4aad-b733-effa1fa3f446" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:56:46.000Z" ,
"modified" : "2018-10-04T08:56:46.000Z" ,
"pattern" : "[file:hashes.MD5 = 'fc0cb1dbab4bc6504e644f311d9bb4a1' AND file:hashes.SHA1 = 'c53930772beb2779d932655d6c3de5548810af3d' AND file:hashes.SHA256 = 'a1c73ce193ffa5323aaef73fbabbc2a984e10900f09cf9fcb0cb11606a23c402']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:56:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--64589ade-c0e3-46cb-8dc9-bd2b8e03958d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:56:54.000Z" ,
"modified" : "2018-10-04T08:56:54.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-07-03T09:59:52" ,
"category" : "Other" ,
"uuid" : "c1ff0d67-f8df-497f-95b6-2ffd6bf7176e"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a1c73ce193ffa5323aaef73fbabbc2a984e10900f09cf9fcb0cb11606a23c402/analysis/1530611992/" ,
"category" : "External analysis" ,
"uuid" : "02324d5a-0a2a-4a8f-b65e-cf774956dddd"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/65" ,
"category" : "Other" ,
"uuid" : "5e788972-1d3d-4b9a-95f7-3fb76db9715d"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--8a110b38-0dad-4295-b40f-fb60fb395e8f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:57:04.000Z" ,
"modified" : "2018-10-04T08:57:04.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b50640a28a1d4f2acdce93adf2ea326c' AND file:hashes.SHA1 = 'b758c7775d9bcdc0473fc2e738b32f05b464b175' AND file:hashes.SHA256 = '2b19497db8cb05cd3d22996efe5af8eac0f2ea51e80f606b7b8a79dfaa2f58e2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:57:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5afd32c5-ee31-48c3-ba20-0a1f10b339e6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:57:10.000Z" ,
"modified" : "2018-10-04T08:57:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-11T00:23:21" ,
"category" : "Other" ,
"uuid" : "37ca8cc3-2a4e-4acc-8f95-3411382dc8b0"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/2b19497db8cb05cd3d22996efe5af8eac0f2ea51e80f606b7b8a79dfaa2f58e2/analysis/1536625401/" ,
"category" : "External analysis" ,
"uuid" : "81ac484b-e234-4312-bb47-ded2265b8b8e"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "44/68" ,
"category" : "Other" ,
"uuid" : "f29b012f-ca21-41b2-9b40-6697832b2a12"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b063122d-ef2d-47dc-b3d1-7efb48e23569" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:57:25.000Z" ,
"modified" : "2018-10-04T08:57:25.000Z" ,
"pattern" : "[file:hashes.MD5 = '4fa6cd01571905b9c7c8fc9a359b655e' AND file:hashes.SHA1 = '46e2957e699fae6de1a212dd98ba4e2bb969497d' AND file:hashes.SHA256 = 'b814fdbb7cfe6e5192fe1126835b903354d75bfb15a6c262ccc2caf13a8ce4b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:57:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--1181b169-e791-49d6-af39-3729a8a9859b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:57:32.000Z" ,
"modified" : "2018-10-04T08:57:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-09-04T10:08:34" ,
"category" : "Other" ,
"uuid" : "cdaedd02-5290-470f-b143-be59989f1464"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b814fdbb7cfe6e5192fe1126835b903354d75bfb15a6c262ccc2caf13a8ce4b6/analysis/1536055714/" ,
"category" : "External analysis" ,
"uuid" : "34363d3f-d54e-41ed-9dfe-4ba2b8b9214b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/65" ,
"category" : "Other" ,
"uuid" : "212837d3-8b9c-4da8-b2ba-0cee22d2760a"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--37b700a5-e7a6-4b89-b39f-639dc8d788e4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:57:48.000Z" ,
"modified" : "2018-10-04T08:57:48.000Z" ,
"pattern" : "[file:hashes.MD5 = '961e79a33f432ea96d2c8bf9eb010006' AND file:hashes.SHA1 = '913ac13ff245baeff843a99dc2cbc1ff5f8c025c' AND file:hashes.SHA256 = 'a15a4e21fe3b06870d52f7383ef45e4ac0dde727b02b3d340f0ba6346b43add1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:57:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--05e3f750-290b-4985-ba2e-b639851b0ddf" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:57:57.000Z" ,
"modified" : "2018-10-04T08:57:57.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-10-03T17:22:50" ,
"category" : "Other" ,
"uuid" : "4c862a8c-164a-4e20-beac-21a28e57f450"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a15a4e21fe3b06870d52f7383ef45e4ac0dde727b02b3d340f0ba6346b43add1/analysis/1538587370/" ,
"category" : "External analysis" ,
"uuid" : "3c5c3a4d-27ce-40af-8115-b07e34311568"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/68" ,
"category" : "Other" ,
"uuid" : "44a8fce4-4591-47c1-a599-0ff5195b2167"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a67002ca-f1b7-4ae5-89b7-92ae322384c4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:58:11.000Z" ,
"modified" : "2018-10-04T08:58:11.000Z" ,
"pattern" : "[file:hashes.MD5 = '809cbf6cfded8d571d20fe27d6cf91f9' AND file:hashes.SHA1 = '046a8adc2ef0f68107e96babc59f41b6f0a57803' AND file:hashes.SHA256 = '001d65185910ae8cd9e7e2472745e593be62b98eae3f5f2266a29c37e56daa1d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:58:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6490158f-6e4a-4b70-8615-db28a126e06f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:58:17.000Z" ,
"modified" : "2018-10-04T08:58:17.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-06-21T12:27:14" ,
"category" : "Other" ,
"uuid" : "ecf40020-4547-44fb-8bd8-b0294caa709a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/001d65185910ae8cd9e7e2472745e593be62b98eae3f5f2266a29c37e56daa1d/analysis/1529584034/" ,
"category" : "External analysis" ,
"uuid" : "388a0d75-ae89-475d-af6f-2d1e1c741581"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/66" ,
"category" : "Other" ,
"uuid" : "e1c92c53-6e9a-41c2-9b7d-c0b75c75ed20"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a48848a5-0b95-4b22-a285-de582b5e4213" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:58:31.000Z" ,
"modified" : "2018-10-04T08:58:31.000Z" ,
"pattern" : "[file:hashes.MD5 = 'be6f600e05d6d958a9f614fc415ecba1' AND file:hashes.SHA1 = '3e7dfe9a8d5955a825cb51cb6eec0cd07c569b41' AND file:hashes.SHA256 = 'a6576282d17cca390e35306a423dcb5ac9276c28eaba63f74001757edc3688df']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-10-04T08:58:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--80a96246-61ca-4ad7-92ee-1fec639cc36c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-10-04T08:58:43.000Z" ,
"modified" : "2018-10-04T08:58:43.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-08-24T15:03:55" ,
"category" : "Other" ,
"uuid" : "6afd14d5-aaa2-4e91-8b35-67b241367c28"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a6576282d17cca390e35306a423dcb5ac9276c28eaba63f74001757edc3688df/analysis/1535123035/" ,
"category" : "External analysis" ,
"uuid" : "fc3ea1a9-30c5-4b9b-9521-779263a44955"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "37/67" ,
"category" : "Other" ,
"uuid" : "5f106e2c-460a-4bf1-ac69-cd1ab771761b"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--a4d24152-f18d-42f3-9404-a09dd6d28863" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--caa8d31d-eb67-43f6-8999-5509553133ec" ,
"target_ref" : "x-misp-object--674e1271-97d4-41e3-91d0-54c6bbf08991"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--6ca06ca1-33a7-4203-ad8e-1d6b420a0814" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--485ae42f-750e-4236-a90f-160868391c0b" ,
"target_ref" : "x-misp-object--8bd069b9-50a6-405a-ac7a-2b37c349c988"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--365e2dd4-dcb2-43a8-8fe8-0feb527035ec" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--5ae8b212-92e6-41bb-a081-ce4048cd35cd" ,
"target_ref" : "x-misp-object--bb0904bb-62d2-4005-bff9-eec2f9714288"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--bc3def28-50c4-4438-93ac-86f604ef8216" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--0bd5f889-77cf-401b-a393-461130ea63de" ,
"target_ref" : "x-misp-object--88f4c7c3-4777-4590-8e27-931fe204135c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--b8160e2d-15cd-4a1d-9070-d0d9dd88a716" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--d4c3355f-a6ff-4aad-b733-effa1fa3f446" ,
"target_ref" : "x-misp-object--64589ade-c0e3-46cb-8dc9-bd2b8e03958d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--1a798611-1b9c-4648-b68b-20cceac29e24" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--8a110b38-0dad-4295-b40f-fb60fb395e8f" ,
"target_ref" : "x-misp-object--5afd32c5-ee31-48c3-ba20-0a1f10b339e6"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--260a1904-f88d-4223-8c0c-87574e07a6c8" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--b063122d-ef2d-47dc-b3d1-7efb48e23569" ,
"target_ref" : "x-misp-object--1181b169-e791-49d6-af39-3729a8a9859b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--5c12bdc2-76a2-4a11-9f10-e646a785c5ea" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:58.000Z" ,
"modified" : "2018-10-04T08:58:58.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--37b700a5-e7a6-4b89-b39f-639dc8d788e4" ,
"target_ref" : "x-misp-object--05e3f750-290b-4985-ba2e-b639851b0ddf"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--7149954c-13e9-477a-a0ac-1d9e8d15a5af" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:59.000Z" ,
"modified" : "2018-10-04T08:58:59.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a67002ca-f1b7-4ae5-89b7-92ae322384c4" ,
"target_ref" : "x-misp-object--6490158f-6e4a-4b70-8615-db28a126e06f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
2023-12-14 14:30:15 +00:00
"id" : "relationship--b8ab9ecf-f6c9-4bc0-9736-9482afa6c23b" ,
2023-04-21 14:44:17 +00:00
"created" : "2018-10-04T08:58:59.000Z" ,
"modified" : "2018-10-04T08:58:59.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--a48848a5-0b95-4b22-a285-de582b5e4213" ,
"target_ref" : "x-misp-object--80a96246-61ca-4ad7-92ee-1fec639cc36c"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}