adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a0ac036-6fbc-4855-83af-422b950d210f.json

1803 lines
77 KiB
JSON
Raw Normal View History

chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
{
"type": "bundle",
"id": "bundle--5a0ac036-6fbc-4855-83af-422b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-20T13:25:52.000Z",
"modified": "2017-11-20T13:25:52.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a0ac036-6fbc-4855-83af-422b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-20T13:25:52.000Z",
"modified": "2017-11-20T13:25:52.000Z",
"name": "OSINT - Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5a0ac04b-331c-457e-9154-4535950d210f",
"url--5a0ac04b-331c-457e-9154-4535950d210f",
"x-misp-attribute--5a0ac07e-7154-4727-9128-4b2b950d210f",
"indicator--5a0ac277-6480-4635-a01f-4b80950d210f",
"indicator--5a0ac277-b4a0-490f-8e6a-4941950d210f",
"indicator--5a0ac405-e138-4948-8fd4-4827950d210f",
"indicator--5a0ac405-1734-4d67-9c55-4422950d210f",
"observed-data--5a0ac48c-b1fc-4778-9481-41b5950d210f",
"windows-registry-key--5a0ac48c-b1fc-4778-9481-41b5950d210f",
"indicator--5a0ac4d2-bfa0-4123-a4c6-46e3950d210f",
"indicator--5a0ac4d2-1274-4dff-b646-43f4950d210f",
"indicator--5a0ac4d2-8568-4190-8a0b-489e950d210f",
"indicator--5a0ac4d2-74d4-41c3-b9aa-4102950d210f",
"indicator--5a0ac4d2-2050-407e-b273-4948950d210f",
"indicator--5a0ac4d2-2ae4-4411-818f-4932950d210f",
"indicator--5a0ac4d2-15f0-4c1f-a22e-4a3a950d210f",
"indicator--5a0ac4d2-9e94-47b9-8d1e-4867950d210f",
"indicator--5a0ac4d2-97a8-4b76-bf49-4e0d950d210f",
"indicator--5a0ac4d2-1908-41f4-ae48-4aa8950d210f",
"indicator--5a0ac4d2-2b14-4a7c-86d9-46cd950d210f",
"indicator--5a0ac4d2-ae4c-4005-bd7b-4548950d210f",
"indicator--5a0ac4d2-b178-4a7e-b14b-4a16950d210f",
"indicator--5a0ac4d2-f5a0-4806-9b9f-4519950d210f",
"indicator--5a0ac4d2-57c8-4d89-916f-486f950d210f",
"indicator--5a0ac4d2-1a24-4ae0-a9fc-4823950d210f",
"indicator--5a0ac4d2-8fb0-49d9-ae66-4eb7950d210f",
"indicator--5a0ac4d2-debc-4839-80be-4b11950d210f",
"indicator--5a0ac4d2-1068-4201-9cc0-4b86950d210f",
"observed-data--5a0ac521-3dfc-422a-b3fa-4d7c950d210f",
"windows-registry-key--5a0ac521-3dfc-422a-b3fa-4d7c950d210f",
"indicator--5a0ac521-ca08-4726-bad0-4466950d210f",
"observed-data--5a0ac521-b370-4446-b84e-4bb2950d210f",
"windows-registry-key--5a0ac521-b370-4446-b84e-4bb2950d210f",
"indicator--5a0ac521-ab0c-4ac5-b31f-4cf5950d210f",
"indicator--5a0ac577-0aec-403a-b697-4d69950d210f",
"indicator--5a0ac577-90f4-482f-b813-4e55950d210f",
"indicator--5a0ac577-9008-42f4-a39c-4dc9950d210f",
"indicator--5a0ed8a4-6294-41ce-ae02-e7e802de0b81",
"indicator--5a0ed8a4-8cbc-4980-a1c7-e7e802de0b81",
"observed-data--5a0ed8a4-1f84-4696-a287-e7e802de0b81",
"url--5a0ed8a4-1f84-4696-a287-e7e802de0b81",
"indicator--5a0ed8a4-1748-4308-a4e3-e7e802de0b81",
"indicator--5a0ed8a4-073c-4f4c-aea8-e7e802de0b81",
"observed-data--5a0ed8a4-a5ec-4828-9615-e7e802de0b81",
"url--5a0ed8a4-a5ec-4828-9615-e7e802de0b81",
"indicator--5a0ed8a4-690c-47b9-8647-e7e802de0b81",
"indicator--5a0ed8a4-0868-42fa-ad0f-e7e802de0b81",
"observed-data--5a0ed8a4-6c28-4f4a-8db3-e7e802de0b81",
"url--5a0ed8a4-6c28-4f4a-8db3-e7e802de0b81",
"indicator--5a0ed8a4-fd94-4d5f-8e45-e7e802de0b81",
"indicator--5a0ed8a4-1e1c-4eca-8532-e7e802de0b81",
"observed-data--5a0ed8a4-2ee8-44be-abd5-e7e802de0b81",
"url--5a0ed8a4-2ee8-44be-abd5-e7e802de0b81",
"indicator--5a0ed8a4-4da0-47ea-9e6d-e7e802de0b81",
"indicator--5a0ed8a5-a0cc-446a-8c32-e7e802de0b81",
"observed-data--5a0ed8a5-2c5c-4318-9715-e7e802de0b81",
"url--5a0ed8a5-2c5c-4318-9715-e7e802de0b81",
"indicator--5a0acc3f-e330-4e19-b44c-4182950d210f",
"indicator--5a0acc5a-879c-469b-b4d6-4e68950d210f",
"indicator--5a0accd4-f164-4638-8503-080d950d210f",
"indicator--5a0acced-4fe4-4b29-9407-4db2950d210f",
"indicator--5a0acd03-9880-4d9b-8816-0c9f950d210f",
"indicator--5a0acdd2-42b0-4178-9599-0ab7950d210f",
"indicator--5a0ace3f-f0f8-481b-b90f-0cdb950d210f",
"indicator--5a0aebe2-710c-459f-94f6-0d11950d210f",
"indicator--5a0aece9-8a7c-4e23-a82e-0d11950d210f",
"indicator--5a0aed28-c8b0-415b-b8f8-0d11950d210f",
"indicator--5a0aed3e-9dc4-4f60-b423-4595950d210f",
"indicator--5a0aed4f-581c-4aec-8ef1-0d11950d210f",
"indicator--5a0aee8a-fb14-4018-9413-4a3f950d210f",
"indicator--5a0aee9b-caf8-4ba4-af30-c1d9950d210f",
"indicator--5a0aeeb0-5b5c-463f-b010-4dcf950d210f",
"indicator--5a0aeefe-4eb4-43ad-9b97-4fec950d210f",
"indicator--5a0aef74-a3f4-4cff-b3ff-c1d9950d210f",
"indicator--5a0aef88-7b34-4633-983a-4a4b950d210f",
"indicator--5a0aef9f-d298-42b6-8fd3-44b6950d210f",
"indicator--5a0af012-82e4-49fa-9ca6-43e0950d210f",
"indicator--5a0af027-e910-4a68-8d5a-0d11950d210f",
"indicator--5a0af038-fa20-4d65-928f-be53950d210f",
"indicator--5a0af04d-9574-4849-9eb7-4e6b950d210f",
"indicator--5a0af05e-299c-445b-88c7-4fc7950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"Emotet\"",
"misp-galaxy:banker=\"Qakbot\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ac04b-331c-457e-9154-4535950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:03.000Z",
"modified": "2017-11-17T12:40:03.000Z",
"first_observed": "2017-11-17T12:40:03Z",
"last_observed": "2017-11-17T12:40:03Z",
"number_observed": 1,
"object_refs": [
"url--5a0ac04b-331c-457e-9154-4535950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ac04b-331c-457e-9154-4535950d210f",
"value": "https://blogs.technet.microsoft.com/mmpc/2017/11/06/mitigating-and-eliminating-info-stealing-qakbot-and-emotet-in-corporate-networks/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a0ac07e-7154-4727-9128-4b2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:03.000Z",
"modified": "2017-11-17T12:40:03.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "The threat to information is greater than ever, with data breaches, phishing attacks, and other forms of information theft like point-of-sale malware and ATM hacks becoming all too common in today's threat landscape. Information-stealing trojans are in the same category of threats that deliver a steady stream of risk to data and can lead to significant financial loss.\r\n\r\nQakbot and Emotet are information stealers that have been showing renewed activity in recent months. These malware families are technically different, but they share many similarities in behavior. They both have the ultimate goal of stealing online banking credentials that malware operators can then use to steal money from online banking accounts. They can also steal other sensitive information using techniques like keylogging."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac277-6480-4635-a01f-4b80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:03.000Z",
"modified": "2017-11-17T12:40:03.000Z",
"description": "Qakbot malware",
"pattern": "[file:hashes.SHA256 = 'da00823090dae3dae452ddc8a4c2a3c087389b4aacf1f0c12d13c83c9fcaef9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac277-b4a0-490f-8e6a-4941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:03.000Z",
"modified": "2017-11-17T12:40:03.000Z",
"description": "Qakbot malware",
"pattern": "[file:hashes.SHA256 = 'ca2d536b91b15e7fc44ec93bbed1f0f46ae65c723b8a4823253a2a91b8241f9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac405-e138-4948-8fd4-4827950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:03.000Z",
"modified": "2017-11-17T12:40:03.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\Cexpalgxx\\\\Cexpalgxx.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac405-1734-4d67-9c55-4422950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:03.000Z",
"modified": "2017-11-17T12:40:03.000Z",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Microsoft\\\\Cexpalgxx\\\\Cexpalgxx32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ac48c-b1fc-4778-9481-41b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5a0ac48c-b1fc-4778-9481-41b5950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5a0ac48c-b1fc-4778-9481-41b5950d210f",
"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-bfa0-4123-a4c6-46e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.236.252.178']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-1274-4dff-b646-43f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.243.159.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-8568-4190-8a0b-489e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.33.55.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-74d4-41c3-b9aa-4102950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.244.245.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-2050-407e-b273-4948950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.81.212.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-2ae4-4411-818f-4932950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.212.192.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-15f0-4c1f-a22e-4a3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.16.131.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-9e94-47b9-8d1e-4867950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.78.33.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-97a8-4b76-bf49-4e0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.116.54.16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-1908-41f4-ae48-4aa8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.83.166.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-2b14-4a7c-86d9-46cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.74.254.64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-ae4c-4005-bd7b-4548950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.227.137.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-b178-4a7e-b14b-4a16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.220.214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-f5a0-4806-9b9f-4519950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.143.221.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-57c8-4d89-916f-486f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.82.27.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-1a24-4ae0-a9fc-4823950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.88.246.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-8fb0-49d9-ae66-4eb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.214.220.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-debc-4839-80be-4b11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.230.136.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac4d2-1068-4201-9cc0-4b86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.224.218.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ac521-3dfc-422a-b3fa-4d7c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5a0ac521-3dfc-422a-b3fa-4d7c950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5a0ac521-3dfc-422a-b3fa-4d7c950d210f",
"key": "%appdata%\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\[random].lnk"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac521-ca08-4726-bad0-4466950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[file:name = '\\\\%Appdata\\\\%\\\\local\\\\[random]\\\\[random].exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ac521-b370-4446-b84e-4bb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--5a0ac521-b370-4446-b84e-4bb2950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--5a0ac521-b370-4446-b84e-4bb2950d210f",
"key": "%localappdata%\\microsoft\\windows"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac521-ab0c-4ac5-b31f-4cf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\System32\\\\netshedule.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac577-0aec-403a-b697-4d69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet downloader",
"pattern": "[file:hashes.SHA256 = '4ce5366c7eef1fff1260d5d7a0aec72c1246621838bf8df07f4a6ab3e5369d96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac577-90f4-482f-b813-4e55950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet malware",
"pattern": "[file:hashes.SHA256 = 'ffcb204da3ff72d268c8ac065c2e7cce5c65fafc2f549d92d0c280c6099bd440']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ac577-9008-42f4-a39c-4dc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet malware",
"pattern": "[file:hashes.SHA256 = '59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-6294-41ce-ae02-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet malware - Xchecked via VT: 59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087",
"pattern": "[file:hashes.SHA1 = '9214359938285f26785f7eaf25a74dddea678065']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-8cbc-4980-a1c7-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet malware - Xchecked via VT: 59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087",
"pattern": "[file:hashes.MD5 = '5aa9fa89cee3ffc4c3009e34db830de0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8a4-1f84-4696-a287-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8a4-1f84-4696-a287-e7e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8a4-1f84-4696-a287-e7e802de0b81",
"value": "https://www.virustotal.com/file/59639027a7fd487295bad10db896528ea223684e6595cae4ce9a0bec8d809087/analysis/1506215055/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-1748-4308-a4e3-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet malware - Xchecked via VT: ffcb204da3ff72d268c8ac065c2e7cce5c65fafc2f549d92d0c280c6099bd440",
"pattern": "[file:hashes.SHA1 = 'a33763608d07880c5ca31fd68e30355c04201c92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-073c-4f4c-aea8-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet malware - Xchecked via VT: ffcb204da3ff72d268c8ac065c2e7cce5c65fafc2f549d92d0c280c6099bd440",
"pattern": "[file:hashes.MD5 = '03b933fb1b471d7710d82d8b3f6c62b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8a4-a5ec-4828-9615-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8a4-a5ec-4828-9615-e7e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8a4-a5ec-4828-9615-e7e802de0b81",
"value": "https://www.virustotal.com/file/ffcb204da3ff72d268c8ac065c2e7cce5c65fafc2f549d92d0c280c6099bd440/analysis/1510558151/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-690c-47b9-8647-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet downloader - Xchecked via VT: 4ce5366c7eef1fff1260d5d7a0aec72c1246621838bf8df07f4a6ab3e5369d96",
"pattern": "[file:hashes.SHA1 = '82519982e32708e94c54ffce3c652714049a04f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-0868-42fa-ad0f-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Emotet downloader - Xchecked via VT: 4ce5366c7eef1fff1260d5d7a0aec72c1246621838bf8df07f4a6ab3e5369d96",
"pattern": "[file:hashes.MD5 = '517d9598ac8aa0ef0cb7145ffd64805e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8a4-6c28-4f4a-8db3-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8a4-6c28-4f4a-8db3-e7e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8a4-6c28-4f4a-8db3-e7e802de0b81",
"value": "https://www.virustotal.com/file/4ce5366c7eef1fff1260d5d7a0aec72c1246621838bf8df07f4a6ab3e5369d96/analysis/1510180240/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-fd94-4d5f-8e45-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Qakbot malware - Xchecked via VT: ca2d536b91b15e7fc44ec93bbed1f0f46ae65c723b8a4823253a2a91b8241f9a",
"pattern": "[file:hashes.SHA1 = '74153fa3ca1a97b68fdd31fa02c3e16daa03ac59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-1e1c-4eca-8532-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Qakbot malware - Xchecked via VT: ca2d536b91b15e7fc44ec93bbed1f0f46ae65c723b8a4823253a2a91b8241f9a",
"pattern": "[file:hashes.MD5 = '54240940b30c9f21e006d87371f490e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8a4-2ee8-44be-abd5-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"first_observed": "2017-11-17T12:40:04Z",
"last_observed": "2017-11-17T12:40:04Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8a4-2ee8-44be-abd5-e7e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8a4-2ee8-44be-abd5-e7e802de0b81",
"value": "https://www.virustotal.com/file/ca2d536b91b15e7fc44ec93bbed1f0f46ae65c723b8a4823253a2a91b8241f9a/analysis/1510257822/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a4-4da0-47ea-9e6d-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Qakbot malware - Xchecked via VT: da00823090dae3dae452ddc8a4c2a3c087389b4aacf1f0c12d13c83c9fcaef9c",
"pattern": "[file:hashes.SHA1 = '4c04c92cf88dc1a0cc4829229786ac50c1a51aa5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ed8a5-a0cc-446a-8c32-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:04.000Z",
"modified": "2017-11-17T12:40:04.000Z",
"description": "Qakbot malware - Xchecked via VT: da00823090dae3dae452ddc8a4c2a3c087389b4aacf1f0c12d13c83c9fcaef9c",
"pattern": "[file:hashes.MD5 = '692802635dbd973b7944ebc8dbc22e2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-17T12:40:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a0ed8a5-2c5c-4318-9715-e7e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-17T12:40:05.000Z",
"modified": "2017-11-17T12:40:05.000Z",
"first_observed": "2017-11-17T12:40:05Z",
"last_observed": "2017-11-17T12:40:05Z",
"number_observed": 1,
"object_refs": [
"url--5a0ed8a5-2c5c-4318-9715-e7e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a0ed8a5-2c5c-4318-9715-e7e802de0b81",
"value": "https://www.virustotal.com/file/da00823090dae3dae452ddc8a4c2a3c087389b4aacf1f0c12d13c83c9fcaef9c/analysis/1510111314/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0acc3f-e330-4e19-b44c-4182950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T10:58:07.000Z",
"modified": "2017-11-14T10:58:07.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.183.173.170') AND network-traffic:dst_port = '995']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T10:58:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0acc5a-879c-469b-b4d6-4e68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T10:58:34.000Z",
"modified": "2017-11-14T10:58:34.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.213.243.228') AND network-traffic:dst_port = '993']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T10:58:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0accd4-f164-4638-8503-080d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T11:00:36.000Z",
"modified": "2017-11-14T11:00:36.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.67.244.225') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T11:00:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0acced-4fe4-4b29-9407-4db2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T11:01:01.000Z",
"modified": "2017-11-14T11:01:01.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.25.234.18') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T11:01:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0acd03-9880-4d9b-8816-0c9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T11:01:23.000Z",
"modified": "2017-11-14T11:01:23.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.123.151.58') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T11:01:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0acdd2-42b0-4178-9599-0ab7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T11:04:50.000Z",
"modified": "2017-11-14T11:04:50.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '76.164.161.46') AND network-traffic:dst_port = '995']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T11:04:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0ace3f-f0f8-481b-b90f-0cdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T11:06:39.000Z",
"modified": "2017-11-14T11:06:39.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.115.254.146') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T11:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aebe2-710c-459f-94f6-0d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:13:06.000Z",
"modified": "2017-11-14T13:13:06.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.57.88.73') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:13:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aece9-8a7c-4e23-a82e-0d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:17:29.000Z",
"modified": "2017-11-14T13:17:29.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.21.79.34') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aed28-c8b0-415b-b8f8-0d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:18:32.000Z",
"modified": "2017-11-14T13:18:32.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.51.185.121') AND network-traffic:dst_port = '465']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:18:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aed3e-9dc4-4f60-b423-4595950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:18:54.000Z",
"modified": "2017-11-14T13:18:54.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.3.55.80') AND network-traffic:dst_port = '993']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:18:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aed4f-581c-4aec-8ef1-0d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:19:11.000Z",
"modified": "2017-11-14T13:19:11.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.244.177.127') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:19:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aee8a-fb14-4018-9413-4a3f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:24:26.000Z",
"modified": "2017-11-14T13:24:26.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.93.148.41') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:24:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aee9b-caf8-4ba4-af30-c1d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:24:43.000Z",
"modified": "2017-11-14T13:24:43.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.51.40.175') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:24:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aeeb0-5b5c-463f-b010-4dcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:25:04.000Z",
"modified": "2017-11-14T13:25:04.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '73.166.94.110') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aeefe-4eb4-43ad-9b97-4fec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:26:22.000Z",
"modified": "2017-11-14T13:26:22.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.88.202.122') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:26:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aef74-a3f4-4cff-b3ff-c1d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:28:20.000Z",
"modified": "2017-11-14T13:28:20.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.5.136.50') AND network-traffic:dst_port = '990']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:28:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aef88-7b34-4633-983a-4a4b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:28:40.000Z",
"modified": "2017-11-14T13:28:40.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.43.179.209') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:28:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0aef9f-d298-42b6-8fd3-44b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:29:03.000Z",
"modified": "2017-11-14T13:29:03.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.27.18.233') AND network-traffic:dst_port = '995']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:29:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0af012-82e4-49fa-9ca6-43e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:30:58.000Z",
"modified": "2017-11-14T13:30:58.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.82.91.67') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:30:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0af027-e910-4a68-8d5a-0d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:31:19.000Z",
"modified": "2017-11-14T13:31:19.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.194.132.179') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:31:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0af038-fa20-4d65-928f-be53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:31:36.000Z",
"modified": "2017-11-14T13:31:36.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.113.137.220') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:31:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0af04d-9574-4849-9eb7-4e6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:31:57.000Z",
"modified": "2017-11-14T13:31:57.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.184.200.177') AND network-traffic:dst_port = '2222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:31:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a0af05e-299c-445b-88c7-4fc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-14T13:32:14.000Z",
"modified": "2017-11-14T13:32:14.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '105.224.247.34') AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-14T13:32:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink