2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5a3b6be0-1924-4671-8829-d895950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-22T03:01:01.000Z" ,
"modified" : "2017-12-22T03:01:01.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a3b6be0-1924-4671-8829-d895950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-22T03:01:01.000Z" ,
"modified" : "2017-12-22T03:01:01.000Z" ,
"name" : "OSINT - North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group" ,
"published" : "2017-12-28T13:37:05Z" ,
"object_refs" : [
"observed-data--5a3b6d7d-f078-4a39-a907-d89c950d210f" ,
"url--5a3b6d7d-f078-4a39-a907-d89c950d210f" ,
"observed-data--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f" ,
"url--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f" ,
"indicator--5a3b6e62-ce88-4719-8e60-4768950d210f" ,
"indicator--5a3b6e62-102c-477c-8786-40b8950d210f" ,
"indicator--5a3b6e62-9f68-400a-a279-4c1c950d210f" ,
"indicator--5a3b6e62-c5fc-47b1-ac3a-4939950d210f" ,
"indicator--5a3b6e62-3b0c-4dfb-8a92-4920950d210f" ,
"indicator--5a3b6e62-84f8-45b2-8ce3-4cfa950d210f" ,
"indicator--5a3b6e62-aa2c-45b3-ab64-4852950d210f" ,
"indicator--5a3b6e62-b95c-48de-a86f-40d3950d210f" ,
"indicator--5a3b6e63-c8b0-46af-8b48-435d950d210f" ,
"indicator--5a3b6ef1-1190-4a1f-b820-41e6950d210f" ,
"indicator--5a3b6ef1-38d4-4c1e-aa75-40aa950d210f" ,
"indicator--5a3b6ef1-0614-40e6-b027-44a4950d210f" ,
"indicator--5a3b7017-6038-4a51-aa3d-4155950d210f" ,
"indicator--5a3b7017-0d8c-4ceb-a36d-4e5c950d210f" ,
"indicator--5a3b705d-b038-42db-8077-48d2950d210f" ,
"indicator--5a3b705d-feb0-48aa-8aa9-43b0950d210f" ,
"indicator--5a3b705d-d3dc-4e70-9962-4366950d210f" ,
"indicator--5a3b705d-cba0-44f4-95e7-401f950d210f" ,
"indicator--5a3b705d-536c-4957-b446-49cc950d210f" ,
"indicator--5a3b705d-4ee4-4fc2-be34-4175950d210f" ,
"indicator--5a3b705d-f974-4f08-a635-4a22950d210f" ,
"indicator--5a3b705d-ec48-4de3-916a-4ed7950d210f" ,
"indicator--5a3b705d-1bb0-45e3-9392-44c7950d210f" ,
"indicator--5a3b705d-2674-42df-acfe-44f9950d210f" ,
"indicator--5a3b7225-3578-4cc8-9805-4eaa950d210f" ,
"indicator--5a3b7225-6db0-41a5-980c-452e950d210f" ,
"indicator--5a3b7252-a444-404d-8f58-d89a950d210f" ,
"indicator--5a3b7252-0bd0-4158-a789-d89a950d210f" ,
"indicator--5a3b7252-2954-4669-b2af-d89a950d210f" ,
"indicator--5a3b7252-ed2c-4cd7-9f37-d89a950d210f" ,
"indicator--5a3b743b-55e8-4e64-a5c8-4a82950d210f" ,
"indicator--5a3b743b-cbcc-41e3-9a05-4217950d210f" ,
"indicator--5a3b743b-3c9c-4600-a3e8-4871950d210f" ,
"indicator--5a3b743b-0104-4f3b-a337-4744950d210f" ,
"indicator--5a3b743b-312c-4091-bc28-4408950d210f" ,
"indicator--5a3b743b-0550-4eb6-b378-4b26950d210f" ,
"indicator--5a3b743b-7ea8-444e-b7da-41b0950d210f" ,
"indicator--5a3b74a3-e1f0-4a5d-8e55-47a7950d210f" ,
"indicator--5a3b74a3-fd30-42dc-aaeb-4f6c950d210f" ,
"indicator--5a3b74a3-5ae4-4707-a8d3-4406950d210f" ,
"indicator--5a3b74a3-8634-4291-83b4-4384950d210f" ,
"indicator--5a3b74a3-bc10-4329-8905-4240950d210f" ,
"indicator--5a3b74a3-d248-477e-894a-44fb950d210f" ,
"indicator--5a3b74a3-aeb0-4f70-977c-48fe950d210f" ,
"indicator--5a3b74a3-dd20-4a97-b5b5-4f28950d210f" ,
"indicator--5a3b775a-2584-41ea-a2fe-40ac950d210f" ,
"indicator--5a3b775a-38f4-4a8f-9baf-42d4950d210f" ,
"indicator--5a3b775a-3798-4861-9fdb-4685950d210f" ,
"indicator--5a3b775a-8868-491f-a074-41b4950d210f" ,
"indicator--5a3b77fa-96cc-4e05-939c-4b90950d210f" ,
"indicator--5a3b77fa-ba64-412b-873a-4ef0950d210f" ,
"indicator--5a3b77fa-8e24-4966-ab98-40cf950d210f" ,
"indicator--5a3b7813-ca8c-414b-8d85-4a56950d210f" ,
"indicator--5a3b7813-9918-42db-986a-4523950d210f" ,
"indicator--5a3b7813-814c-4ca4-92d3-4f59950d210f" ,
"indicator--5a3b7813-5540-4536-b2c0-4e56950d210f" ,
"indicator--5a3b7813-9dc0-44ba-8081-4b2b950d210f" ,
"indicator--5a3b7813-6e54-4dc6-ba00-43b3950d210f" ,
"indicator--5a3b7813-6e2c-41c4-9107-4aca950d210f" ,
"indicator--5a3b7813-d160-4a5b-88ae-459f950d210f" ,
"indicator--5a3b7813-7a80-412c-8f49-4188950d210f" ,
"indicator--5a3b7866-992c-4c27-b1bd-4a22950d210f" ,
"indicator--5a3b7866-f09c-405e-9b03-4498950d210f" ,
"indicator--5a3b7866-c288-492e-9fbd-4f30950d210f" ,
"indicator--5a3b7866-05c4-46dc-9a1c-4a00950d210f" ,
"indicator--5a3b7866-1d3c-4c6c-9341-4964950d210f" ,
"indicator--5a3b7866-1b50-4b5c-9cdb-499c950d210f" ,
"indicator--5a3b7866-f014-4528-b170-45bd950d210f" ,
"indicator--5a3b7883-d7f4-489a-9bf1-4586950d210f" ,
"indicator--5a3b7883-7a50-4c6f-9ed8-4fa4950d210f" ,
"indicator--5a3b78c5-cc40-4c48-a9d5-468b950d210f" ,
"indicator--5a3b78c5-8710-4016-bd90-48e6950d210f" ,
"indicator--5a3b78c5-42dc-48ed-bd98-4d49950d210f" ,
"indicator--5a3b78c5-6718-43c8-93b1-44b0950d210f" ,
"indicator--5a3b78c5-5728-45aa-ae7e-49d4950d210f" ,
"indicator--5a3b78c5-3c7c-45c1-96af-4d68950d210f" ,
"indicator--5a3b78c5-1ca0-4ad0-8150-40b4950d210f" ,
"indicator--5a3b78c5-ae1c-44e3-8cda-4e69950d210f" ,
"indicator--5a3b78c5-7494-4a75-b733-4906950d210f" ,
"x-misp-object--5a3b6d4c-b11c-45f6-b5e3-d89b950d210f" ,
"indicator--88c0c9e5-6f55-4434-86f5-57ccf1ab779e" ,
"x-misp-object--551d26ea-0d49-4a3d-8b80-61f1c2d46b4c" ,
"indicator--e831a382-f6bf-43db-b38c-421df1ea3875" ,
"x-misp-object--ef5cfba8-a647-4887-8626-5b716d830d90" ,
"indicator--4b8c3132-e355-4ee4-91c9-e06a69a36da1" ,
"x-misp-object--b1b7f438-e55c-4b57-b42d-503d60b57d4f" ,
"indicator--1f87943e-6f0e-4b12-87b5-3116a0f725c0" ,
"x-misp-object--789535f0-ec61-4de1-9988-165ac6c1ba5c" ,
"indicator--cb269eaa-70e8-4564-b7f8-902352959fe6" ,
"x-misp-object--9296c8a4-2d34-48e4-af42-15e57470eb84" ,
"indicator--1bae070e-81ad-4cfb-a316-00f6dd358a7d" ,
"x-misp-object--4117fdf6-6c7c-4e4c-b695-d2b7214b42f4" ,
"indicator--08352cd7-5beb-4bdf-b9df-3ae69f4f3084" ,
"x-misp-object--7151d2df-fc05-4f72-8afe-b5c9db8e893e" ,
"indicator--fa7170ec-f0f6-4900-922c-fce4d2eef064" ,
"x-misp-object--27d3ea8e-4cae-4f1a-96c8-fcf4a788439f" ,
"indicator--37b63b78-21dd-47c0-9d23-3630e7cf8646" ,
"x-misp-object--e69882c0-3bc4-47cc-a0bb-c0656d6b9d56" ,
"indicator--c126b790-4339-4aae-ae09-8907102e1a25" ,
"x-misp-object--2b6f8da3-f975-46ce-b203-b6a2f7db28ff" ,
"indicator--4abea3bf-4859-444d-9735-ef6c73e34c7f" ,
"x-misp-object--b3041cbd-a853-482a-af11-4b0b34855339" ,
"indicator--1c816f49-c77c-4c10-8f5a-c738b2f91fd2" ,
"x-misp-object--a15c3c61-18d5-4e2c-a4e6-f783b2dbb325" ,
"indicator--179729f6-02e1-4594-b57f-f7db7e366b4b" ,
"x-misp-object--6271f662-ebe5-449b-a28c-21625cb04c44" ,
"indicator--0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea" ,
"x-misp-object--75f57830-e3b2-4daf-bd31-5b69941c370d" ,
"indicator--3529ee04-a201-4e52-a164-1e5c4a096897" ,
"x-misp-object--24b51380-5e74-4cc3-9d40-a9bf23181402" ,
"indicator--685f8167-ca1f-4f25-8ba4-cdf2aa6dae57" ,
"x-misp-object--c1983f91-67eb-48b3-a8dc-df000704bef3" ,
"indicator--4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36" ,
"x-misp-object--42454a41-4382-4b9b-bfb4-41c779793cd0" ,
"indicator--a6e3a25b-f46a-4ed8-b0ac-d15d4772c156" ,
"x-misp-object--e26a7bae-50f5-4b9f-a908-c09d124b96d5" ,
"indicator--7d9cca50-8758-408a-8b14-ed4a9a4d430c" ,
"x-misp-object--ab3d3480-cd31-477a-b4ea-86c6b2c6b49e" ,
"indicator--6eb3baa6-0a6b-49d7-bedd-38b80630776a" ,
"x-misp-object--95dea47f-9eef-42d6-96c9-ac3d27d67d27" ,
"indicator--4923113d-bb45-4277-8e0f-4bcfd995292d" ,
"x-misp-object--b9d97deb-ca5d-4825-b6ff-084898e27f88" ,
"indicator--499ec873-7210-418a-ac7a-9c473e7cee8f" ,
"x-misp-object--dbff892b-e51d-4ce6-ba0b-e0bbdc82c787" ,
"indicator--1a66fd87-8b0c-4eae-b17e-c03d830646ea" ,
"x-misp-object--3fc5fed1-7742-4f62-86d7-18a0b15c6b67" ,
"indicator--12376fcf-03df-4dd3-b86d-f205b2cd0333" ,
"x-misp-object--c798e259-325d-43d9-b3c5-080f027612e0" ,
"indicator--05d3637e-62f6-4c54-b66a-3eac1319941a" ,
"x-misp-object--4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8" ,
"indicator--5ea86c44-3d9c-471f-a447-cc02b208592c" ,
"x-misp-object--d098ecd3-4e1e-4602-92b9-45f53956eead" ,
"indicator--95eca2e7-7290-4557-8b1c-72a9e7b68da4" ,
"x-misp-object--a4526f04-cb6e-4349-ab34-5587cf9dbf19" ,
"indicator--b593d6b3-0289-4c29-8448-2bb4d2de9d5e" ,
"x-misp-object--2c9f7b5e-b7c1-45ee-bb59-facc1784a78f" ,
"indicator--5dc053d0-4cc0-4b36-b940-2552b8c9ec30" ,
"x-misp-object--50c5355f-02d7-4b0b-8116-332325c74894" ,
"relationship--ac220843-1c6a-4875-b690-48b24e862e06" ,
"relationship--1f4f8a21-ae75-4571-8b5e-b7a9c5676c51" ,
"relationship--6d64a378-2c0d-4e89-9814-9580cc0e05c6" ,
"relationship--92170480-2d43-4014-b982-de7b3b486f9c" ,
"relationship--9c0ae0b4-fb91-494a-af32-41fdd26fe143" ,
"relationship--736f7057-8557-4333-a2e0-1c3dbb7f9002" ,
"relationship--b1c6ec3a-67ba-45b6-936d-1125e59ad2ee" ,
"relationship--fa3899b9-1c49-41cf-aab1-96fd3bce155c" ,
"relationship--c7569ba5-4b88-45b9-83b0-2a3410acc643" ,
"relationship--3c68f730-8360-4e24-a6ad-00c8ded9343c" ,
"relationship--007403dd-5cf5-4070-a9e6-891ee6f12b73" ,
"relationship--afc06ee3-3b29-473c-b4c4-1eb1a0bbf345" ,
"relationship--f6afe6af-7406-4af4-b205-93d1d55210a0" ,
"relationship--7985a296-4923-4bd2-a027-83c20717822b" ,
"relationship--377b5e7a-e7e3-4ab0-ad4f-83fb2b6c9ce4" ,
"relationship--f490cab1-a7dc-4e6c-8ce3-90065ec3e523" ,
"relationship--4bff4e35-4463-4941-a9d9-64647ac148b7" ,
"relationship--74fdd57b-37db-4d76-a341-c4907b2fab03" ,
"relationship--4ab77b3a-130d-476f-9ede-b0110e38b4fc" ,
"relationship--54669cfa-97ca-4086-9e3a-28c88e444524" ,
"relationship--2dc366ad-335b-4b4f-9299-d3d81b9e9678" ,
"relationship--d5a5546b-40aa-40a3-8592-ac8252c78f75" ,
"relationship--d897b67d-0b66-4291-995a-02b9ad185028" ,
"relationship--f4db4906-d61a-4c10-80af-881084ac1ba5" ,
"relationship--a85af541-a98c-427d-8bab-20c50941c0b8" ,
"relationship--706e8f4c-3b91-47c4-9b3e-66f96b087880" ,
"relationship--c461064c-5a2e-4bb0-8559-70dcf86158e2" ,
"relationship--2faa4f60-965b-4335-b863-b1b25518d223" ,
"relationship--d2ba93be-c8a2-45e2-a5e3-0cb66124d6ec"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:rat=\"Gh0st RAT\"" ,
"misp-galaxy:tool=\"Gh0st Rat\"" ,
"misp-galaxy:tool=\"gh0st\"" ,
"misp-galaxy:threat-actor=\"Lazarus Group\"" ,
"osint:source-type=\"blog-post\"" ,
"osint:source-type=\"technical-report\"" ,
"misp-galaxy:tool=\"PowerRatankba\"" ,
"misp-galaxy:tool=\"PowerSpritz\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a3b6d7d-f078-4a39-a907-d89c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"first_observed" : "2017-12-21T10:31:03Z" ,
"last_observed" : "2017-12-21T10:31:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a3b6d7d-f078-4a39-a907-d89c950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
2023-04-21 13:25:09 +00:00
"type" : "url" ,
2023-06-14 17:31:25 +00:00
"spec_version" : "2.1" ,
"id" : "url--5a3b6d7d-f078-4a39-a907-d89c950d210f" ,
2023-04-21 13:25:09 +00:00
"value" : "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new"
2023-06-14 17:31:25 +00:00
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"first_observed" : "2017-12-21T10:31:03Z" ,
"last_observed" : "2017-12-21T10:31:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"technical-report\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a3b6d7d-3ea4-4753-a1d2-d89c950d210f" ,
"value" : "https://www.proofpoint.com/sites/default/files/pfpt-us-wp-north-korea-bitten-by-bitcoin-bug.pdf"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-ce88-4719-8e60-4768950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://skype.2.vu/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-102c-477c-8786-40b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://skype.2.vu/k']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-9f68-400a-a279-4c1c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://skypeupdate.2.vu/1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-c5fc-47b1-ac3a-4939950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://telegramupdate.2.vu/5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-3b0c-4dfb-8a92-4920950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'https://doc-00-64-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/39cbphg8k5qve4q5rr6nonee1bueiu8o/1499428800000/13030420262846080952/*/0B63J1WTZC49hX1JnZUo4Y1pnRG8?e=download']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-84f8-45b2-8ce3-4cfa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'https://drive.google.com/uc?export=download&id=0B63J1WTZC49hdDR0clR3cFpITVE']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-aa2c-45b3-ab64-4852950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://201.211.183.215:8080/update.php?t=Skype&r=update']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e62-b95c-48de-a86f-40d3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://122.248.34.23/lndex.php?t=SkypeSetup&r=mail_new']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6e63-c8b0-46af-8b48-435d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz ITW URL" ,
"pattern" : "[url:value = 'http://122.248.34.23/lndex.php?t=Telegram&r=1.1.9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6ef1-1190-4a1f-b820-41e6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:21:05.000Z" ,
"modified" : "2017-12-21T08:21:05.000Z" ,
"description" : "PowerSpritz" ,
"pattern" : "[file:hashes.SHA256 = 'cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:21:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6ef1-38d4-4c1e-aa75-40aa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:21:05.000Z" ,
"modified" : "2017-12-21T08:21:05.000Z" ,
"description" : "PowerSpritz" ,
"pattern" : "[file:hashes.SHA256 = '9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:21:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b6ef1-0614-40e6-b027-44a4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:21:05.000Z" ,
"modified" : "2017-12-21T08:21:05.000Z" ,
"description" : "PowerSpritz" ,
"pattern" : "[file:hashes.SHA256 = '5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:21:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7017-6038-4a51-aa3d-4155950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "PowerSpritz C&C" ,
"pattern" : "[url:value = 'http://dogecoin.deaftone.com:8080/mainls.cs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7017-0d8c-4ceb-a36d-4e5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PowerSpritz C&C" ,
"pattern" : "[url:value = 'http://macintosh.linkpc.net:8080/mainls.cs']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-b038-42db-8077-48d2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-feb0-48aa-8aa9-43b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = 'd5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-d3dc-4e70-9962-4366950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-cba0-44f4-95e7-401f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-536c-4957-b446-49cc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-4ee4-4fc2-be34-4175950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-f974-4f08-a635-4a22950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-ec48-4de3-916a-4ed7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-1bb0-45e3-9392-44c7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b705d-2674-42df-acfe-44f9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:27:09.000Z" ,
"modified" : "2017-12-21T08:27:09.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM)" ,
"pattern" : "[file:hashes.SHA256 = '030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:27:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7225-3578-4cc8-9805-4eaa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM) C&C" ,
"pattern" : "[url:value = 'http://92.222.106.229/theme.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7225-6db0-41a5-980c-452e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Microsoft Compiled HTML Help (CHM) C&C" ,
"pattern" : "[url:value = 'http://www.businesshop.net/hide.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7252-a444-404d-8f58-d89a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:35:30.000Z" ,
"modified" : "2017-12-21T08:35:30.000Z" ,
"description" : "MS Shortcut Link (LNK)" ,
"pattern" : "[file:hashes.SHA256 = 'beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:35:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7252-0bd0-4158-a789-d89a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:35:30.000Z" ,
"modified" : "2017-12-21T08:35:30.000Z" ,
"description" : "MS Shortcut Link (LNK)" ,
"pattern" : "[file:hashes.SHA256 = '8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:35:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7252-2954-4669-b2af-d89a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "MS Shortcut Link (LNK) C&C" ,
"pattern" : "[url:value = 'http://tinyurl.com/y9jbk8cg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7252-ed2c-4cd7-9f37-d89a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "MS Shortcut Link (LNK) C&C" ,
"pattern" : "[url:value = 'http://201.211.183.215:8080/pdfviewer.php?o=0&t=report&m=0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-55e8-4e64-a5c8-4a82950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = 'e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-cbcc-41e3-9a05-4217950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = '7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-3c9c-4600-a3e8-4871950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = '100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-0104-4f3b-a337-4744950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = '8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-312c-4091-bc28-4408950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = '97c6c69405ed721a64c158f18ab4386e3ade19841b0dea3dcce6b521faf3a660']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-0550-4eb6-b378-4b26950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = '41ee2947356b26e4d8aca826ae392be932cd8800476840713e9b6c630972604f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b743b-7ea8-444e-b7da-41b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:43:39.000Z" ,
"modified" : "2017-12-21T08:43:39.000Z" ,
"description" : "JavaScript" ,
"pattern" : "[file:hashes.SHA256 = '25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:43:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-e1f0-4a5d-8e55-47a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://51.255.219.82/files/download/falconcoin.zip']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-fd30-42dc-aaeb-4f6c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://51.255.219.82/theme.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-5ae4-4707-a8d3-4406950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://51.255.219.82/files/download/falconcoin.pdf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-8634-4291-83b4-4384950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://apps.got-game.org/images/character.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-bc10-4329-8905-4240950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://apps.got-game.org/files/download/transaction.pdf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-d248-477e-894a-44fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://www.energydonate.com/files/download/bithumb.zip']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-aeb0-4f70-977c-48fe950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://www.energydonate.com/images/character.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b74a3-dd20-4a97-b5b5-4f28950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:03.000Z" ,
"modified" : "2017-12-21T10:31:03.000Z" ,
"description" : "JavaScript C&C" ,
"pattern" : "[url:value = 'http://www.energydonate.com/files/download/bithumb.pdf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b775a-2584-41ea-a2fe-40ac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:56:58.000Z" ,
"modified" : "2017-12-21T08:56:58.000Z" ,
"description" : "MS Office Docs" ,
"pattern" : "[file:hashes.SHA256 = 'b3235a703026b2077ccfa20b3dabd82d65c6b5645f7f15e7bbad1ce8173c7960']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:56:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b775a-38f4-4a8f-9baf-42d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:56:58.000Z" ,
"modified" : "2017-12-21T08:56:58.000Z" ,
"description" : "MS Office Docs" ,
"pattern" : "[file:hashes.SHA256 = 'b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:56:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b775a-3798-4861-9fdb-4685950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:56:58.000Z" ,
"modified" : "2017-12-21T08:56:58.000Z" ,
"description" : "MS Office Docs" ,
"pattern" : "[file:hashes.SHA256 = '972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:56:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b775a-8868-491f-a074-41b4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "MS Office Docs C&C" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.100.157.239']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b77fa-96cc-4e05-939c-4b90950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:59:38.000Z" ,
"modified" : "2017-12-21T08:59:38.000Z" ,
"description" : "PyInstaller" ,
"pattern" : "[file:hashes.SHA256 = 'b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:59:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b77fa-ba64-412b-873a-4ef0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:59:38.000Z" ,
"modified" : "2017-12-21T08:59:38.000Z" ,
"description" : "PyInstaller" ,
"pattern" : "[file:hashes.SHA256 = 'eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:59:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b77fa-8e24-4966-ab98-40cf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:59:38.000Z" ,
"modified" : "2017-12-21T08:59:38.000Z" ,
"description" : "PyInstaller" ,
"pattern" : "[file:hashes.SHA256 = 'eb372423e4dcd4665cc03ffc384ff625ae4afd13f6d0589e4568354be271f86e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T08:59:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-ca8c-414b-8d85-4a56950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcin-zxa.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-9918-42db-986a-4523950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--electrm-s2a.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-814c-4ca4-92d3-4f59950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcingold-hcb.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-5540-4536-b2c0-4e56950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcoigold-o1b.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-9dc0-44ba-8081-4b2b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcoingld-lcb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-6e54-4dc6-ba00-43b3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcoingld-lcb.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-6e2c-41c4-9107-4aca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcoingod-8yb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-d160-4a5b-88ae-459f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--btcongold-54ad.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7813-7a80-412c-8f49-4188950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller Hosting or Email IDNA" ,
"pattern" : "[domain-name:value = 'xn--btcongold-g5ad.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-992c-4c27-b1bd-4a22950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--6fgp.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-f09c-405e-9b03-4498950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcingold-jbb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-c288-492e-9fbd-4f30950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcingold-t3b.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-05c4-46dc-9a1c-4a00950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcoingol-4kb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-1d3c-4c6c-9341-4964950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitoingold-1ib.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-1b50-4b5c-9cdb-499c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--btcoingold-v8a.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7866-f014-4528-b170-45bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "Likely Related IDNA" ,
"pattern" : "[domain-name:value = 'xn--bitcoingldwallet-twb.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7883-d7f4-489a-9bf1-4586950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller C&C" ,
"pattern" : "[url:value = 'http://www.btc-gold.us/images/top_bar.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b7883-7a50-4c6f-9ed8-4fa4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:04.000Z" ,
"modified" : "2017-12-21T10:31:04.000Z" ,
"description" : "PyInstaller C&C" ,
"pattern" : "[url:value = 'http://trade.publicvm.com/images/top_bar.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-cc40-4c48-a9d5-468b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = '41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-8710-4016-bd90-48e6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = '20f7e342a5f3224cab8f0439e2ba02bb051cd3e1afcd603142a60ac8af9699ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-42dc-48ed-bd98-4d49950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = 'db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-6718-43c8-93b1-44b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = '3cd0689b2bae5109caedeb2cf9dd4b3a975ab277fadbbb26065e489565470a5c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-5728-45aa-ae7e-49d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = 'b265a5d984c4654ac0b25ddcf8048d0aabc28e36d3e2439d1c08468842857f46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-3c7c-45c1-96af-4d68950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = '1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-1ca0-4ad0-8150-40b4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = '99ad06cca4910c62e8d6b68801c6122137cf8458083bb58cbc767eebc220180d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-ae1c-44e3-8cda-4e69950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = 'f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a3b78c5-7494-4a75-b733-4906950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T09:03:01.000Z" ,
"modified" : "2017-12-21T09:03:01.000Z" ,
"description" : "PowerRatankba" ,
"pattern" : "[file:hashes.SHA256 = 'd844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T09:03:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5a3b6d4c-b11c-45f6-b5e3-d89b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T08:14:20.000Z" ,
"modified" : "2017-12-21T08:14:20.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "Just published my paper on largely undocumented #LazarusGroup/#DPRK campaigns targeting cryptocurrency individuals/orgs (both big and small). The research covers new implants/tactics not currently covered in the media regarding 'fake jobs' campaigns. (link: https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new) proofpoint.com/us/threat-insi\u00e2\u20ac\u00a6" ,
"category" : "Other" ,
"uuid" : "5a3b6d4c-ce18-4291-b614-d89b950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5a3b6d4d-90c4-489c-9302-d89b950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://mobile.twitter.com/darienhuss/status/943300245554958337" ,
"category" : "External analysis" ,
"to_ids" : true ,
"uuid" : "5a3b6d4d-9cb0-4312-9b63-d89b950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "link" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/north-korea-bitten-bitcoin-bug-financially-motivated-campaigns-reveal-new" ,
"category" : "External analysis" ,
"to_ids" : true ,
"uuid" : "5a3b6d4d-488c-4acd-9e92-d89b950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "@darienhuss" ,
"category" : "Other" ,
"uuid" : "5a3b6d4d-c010-43e6-af1e-d89b950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2017-12-20T03:01:00" ,
"category" : "Other" ,
"uuid" : "5a3b6d5c-9334-4586-bbf3-d898950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--88c0c9e5-6f55-4434-86f5-57ccf1ab779e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:07.000Z" ,
"modified" : "2017-12-21T10:31:07.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd2a565e6c31ee18380c410e8cc4abbb0' AND file:hashes.SHA1 = '2ef42ad9c43fc58c48de409414568c27b904fd79' AND file:hashes.SHA256 = '8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--551d26ea-0d49-4a3d-8b80-61f1c2d46b4c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:05.000Z" ,
"modified" : "2017-12-21T10:31:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8f0b83d4ff6d8720e134b467b34728c2823c4d75313ef6dce717b06f414bdf5c/analysis/1513817274/" ,
"category" : "External analysis" ,
"comment" : "MS Shortcut Link (LNK)" ,
"uuid" : "5a3b8d69-51a4-489c-89d2-45bc02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/58" ,
"category" : "Other" ,
"comment" : "MS Shortcut Link (LNK)" ,
"uuid" : "5a3b8d69-db68-412e-a182-49dd02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:47:54" ,
"category" : "Other" ,
"comment" : "MS Shortcut Link (LNK)" ,
"uuid" : "5a3b8d69-43cc-44f0-adfe-47f802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e831a382-f6bf-43db-b38c-421df1ea3875" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:08.000Z" ,
"modified" : "2017-12-21T10:31:08.000Z" ,
"pattern" : "[file:hashes.MD5 = 'a3487b13cbda458bf91c7e802a1ea4f5' AND file:hashes.SHA1 = 'de201a51f96af1405f58ec02b7802088ecae6a2d' AND file:hashes.SHA256 = '030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ef5cfba8-a647-4887-8626-5b716d830d90" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:05.000Z" ,
"modified" : "2017-12-21T10:31:05.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/030b4525558f2c411f972d91b144870b388380b59372e1798926cc2958242863/analysis/1513799414/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6a-d570-4c24-a644-4ea302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "7/60" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6a-d444-4801-a69e-407802de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:14" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6a-ec4c-4cd8-8150-4d9302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4b8c3132-e355-4ee4-91c9-e06a69a36da1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:09.000Z" ,
"modified" : "2017-12-21T10:31:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '6431f46fd8353cb30cd573fc887d8aa8' AND file:hashes.SHA1 = '5d796909d5da1f6f86cfe37962cc9c69d76836c5' AND file:hashes.SHA256 = 'beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b1b7f438-e55c-4b57-b42d-503d60b57d4f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:06.000Z" ,
"modified" : "2017-12-21T10:31:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/beecb33ef8adec99bbba3b64245c7230986c3c1a7f3246b0d26c641887387bfe/analysis/1513838639/" ,
"category" : "External analysis" ,
"comment" : "MS Shortcut Link (LNK)" ,
"uuid" : "5a3b8d6a-21a8-4ce7-a915-433f02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "21/60" ,
"category" : "Other" ,
"comment" : "MS Shortcut Link (LNK)" ,
"uuid" : "5a3b8d6a-54d4-46b0-aa20-4ed702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:43:59" ,
"category" : "Other" ,
"comment" : "MS Shortcut Link (LNK)" ,
"uuid" : "5a3b8d6a-c26c-4bf2-999f-48f502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1f87943e-6f0e-4b12-87b5-3116a0f725c0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:09.000Z" ,
"modified" : "2017-12-21T10:31:09.000Z" ,
"pattern" : "[file:hashes.MD5 = '7a27da13bbdfc34118a30ecd83a75614' AND file:hashes.SHA1 = '53b079072c81f7c879ea1f808c18dcd6134afc5c' AND file:hashes.SHA256 = '01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--789535f0-ec61-4de1-9988-165ac6c1ba5c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:06.000Z" ,
"modified" : "2017-12-21T10:31:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/01b047e0f3b49f8ab6ebf6795bc72ba7f63d7acbc68f65f1f8f66e34de827e49/analysis/1513817106/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6b-1590-40bb-a85d-44f502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/58" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6b-7afc-4547-8c18-44a402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:45:06" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6b-b87c-462f-b376-488002de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--cb269eaa-70e8-4564-b7f8-902352959fe6" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:10.000Z" ,
"modified" : "2017-12-21T10:31:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '4ed7389843781268f9dbf8d222be52ba' AND file:hashes.SHA1 = '8fe0adbc9024c6fa8872bfe30d71e780ca2e21a4' AND file:hashes.SHA256 = '85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9296c8a4-2d34-48e4-af42-15e57470eb84" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:07.000Z" ,
"modified" : "2017-12-21T10:31:07.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/85a263fc34883fc514be48da2d814f1b43525e63049c6b180c73c8ec00920f51/analysis/1513817183/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6b-7040-4974-82f5-4cdc02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/59" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6b-a9d0-47fe-ba6e-4e2e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:46:23" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6b-4520-4710-a59e-47ec02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1bae070e-81ad-4cfb-a316-00f6dd358a7d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:10.000Z" ,
"modified" : "2017-12-21T10:31:10.000Z" ,
"pattern" : "[file:hashes.MD5 = '980272269926a187ec4fe17ec9505a5f' AND file:hashes.SHA1 = '2abfd795397a343596c9f95ecb721250f80eda61' AND file:hashes.SHA256 = '25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4117fdf6-6c7c-4e4c-b695-d2b7214b42f4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:08.000Z" ,
"modified" : "2017-12-21T10:31:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/25f13dca780bafb0001d521ea6e76a3bd4dd74ce137596b948d41794ece59a66/analysis/1513799416/" ,
"category" : "External analysis" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d6c-6a0c-4316-b58f-4c5302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "11/60" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d6c-2d54-4a48-8945-4fa402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:16" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d6c-2790-4efd-ae32-4ef502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--08352cd7-5beb-4bdf-b9df-3ae69f4f3084" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:11.000Z" ,
"modified" : "2017-12-21T10:31:11.000Z" ,
"pattern" : "[file:hashes.MD5 = 'd253d65adf4285fa5004cd96e647a11f' AND file:hashes.SHA1 = '1983b60d923b01fcb14ba813532b2f41f2d6c2fe' AND file:hashes.SHA256 = '972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--7151d2df-fc05-4f72-8afe-b5c9db8e893e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:08.000Z" ,
"modified" : "2017-12-21T10:31:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/972b598d709b66b35900dc21c5225e5f0d474f241fefa890b381089afd7d44ee/analysis/1513818403/" ,
"category" : "External analysis" ,
"comment" : "MS Office Docs" ,
"uuid" : "5a3b8d6d-ed08-4dcb-a63f-427302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "32/59" ,
"category" : "Other" ,
"comment" : "MS Office Docs" ,
"uuid" : "5a3b8d6d-9964-40b2-ad0f-49c402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T01:06:43" ,
"category" : "Other" ,
"comment" : "MS Office Docs" ,
"uuid" : "5a3b8d6d-8bd0-44b1-801c-4cb402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--fa7170ec-f0f6-4900-922c-fce4d2eef064" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ddabaa2740f590ac964996fd4b691880' AND file:hashes.SHA1 = 'be2e900c64cd985cde9e8515fb4e5b5d70c853f0' AND file:hashes.SHA256 = '6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--27d3ea8e-4cae-4f1a-96c8-fcf4a788439f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:09.000Z" ,
"modified" : "2017-12-21T10:31:09.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6d4415a2cbedc960c7c7055626c61842b3a3ca4718e2ac0e3d2ac0c7ef41b84d/analysis/1513838568/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-b944-42a1-a2dc-421402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "5/58" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-9c08-402b-a774-492d02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:42:48" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-51ac-4ac0-a07c-4eb602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--37b63b78-21dd-47c0-9d23-3630e7cf8646" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '2dfebcb60dfa706e2a9c6e73709ebff5' AND file:hashes.SHA1 = 'd9476b3018be277da1aa2b03543166a1a8d1ff03' AND file:hashes.SHA256 = 'eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e69882c0-3bc4-47cc-a0bb-c0656d6b9d56" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:10.000Z" ,
"modified" : "2017-12-21T10:31:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/eab612e333baaec0709f3f213f73388607e495d8af9a2851f352481e996283f1/analysis/1513817527/" ,
"category" : "External analysis" ,
"comment" : "PyInstaller" ,
"uuid" : "5a3b8d6e-6c80-4b21-b06d-4fea02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "5/67" ,
"category" : "Other" ,
"comment" : "PyInstaller" ,
"uuid" : "5a3b8d6e-f208-4343-8b16-4e0e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:52:07" ,
"category" : "Other" ,
"comment" : "PyInstaller" ,
"uuid" : "5a3b8d6e-b7ec-4657-9534-422a02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--c126b790-4339-4aae-ae09-8907102e1a25" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '239aaff9c0c7b0317df0d0c409780d11' AND file:hashes.SHA1 = '2e344cb889843233ff54e95dd0c5956489d07b7d' AND file:hashes.SHA256 = 'e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2b6f8da3-f975-46ce-b203-b6a2f7db28ff" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:10.000Z" ,
"modified" : "2017-12-21T10:31:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/e7581e1f112edc7e9fbb0383dd5780c4f2dd9923c4acc09b407f718ab6f7753d/analysis/1513838712/" ,
"category" : "External analysis" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d6e-4490-4dc7-aba8-4b3f02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "13/60" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d6e-45e8-4092-81fb-47ec02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:45:12" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d6e-7044-4462-82ac-4c3b02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4abea3bf-4859-444d-9735-ef6c73e34c7f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e3fc2fbc512b90c54d81989cf42bb885' AND file:hashes.SHA1 = '46a1d019c1069a8da16224ba6e964d929f42f204' AND file:hashes.SHA256 = '6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b3041cbd-a853-482a-af11-4b0b34855339" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:10.000Z" ,
"modified" : "2017-12-21T10:31:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6cb1e9850dd853880bbaf68ea23243bac9c430df576fa1e679d7f26d56785984/analysis/1513799413/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-5b08-4536-9383-406602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/60" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-06dc-40b3-a095-430002de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:13" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-b828-4f2b-967d-406902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1c816f49-c77c-4c10-8f5a-c738b2f91fd2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '9e36b094d9769025699804f10c9a6523' AND file:hashes.SHA1 = '88554b0b8066cb059f9fc06d2620d84737251a29' AND file:hashes.SHA256 = 'd5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a15c3c61-18d5-4e2c-a4e6-f783b2dbb325" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:10.000Z" ,
"modified" : "2017-12-21T10:31:10.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d5f9a81df5061c69be9c0ed55fba7d796e1a8ebab7c609ae437c574bd7b30b48/analysis/1513838389/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-ea9c-4bfb-b455-4ce102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "2/58" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-51d4-49fd-90c6-4f9102de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:39:49" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6e-5724-489a-b982-418e02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--179729f6-02e1-4594-b57f-f7db7e366b4b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b82f3e54bb97d4f92dc7c777f2e765ab' AND file:hashes.SHA1 = 'cc90c650a08de597b12620627dd89cc83741a889' AND file:hashes.SHA256 = '5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--6271f662-ebe5-449b-a28c-21625cb04c44" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:11.000Z" ,
"modified" : "2017-12-21T10:31:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/5a162898a38601e41d538f067eaf81d6a038268bc52a86cf13c2e43ca2487c07/analysis/1513817159/" ,
"category" : "External analysis" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d6f-7efc-47e1-be51-4cbc02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "20/67" ,
"category" : "Other" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d6f-2e30-4086-a21b-4f7f02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:45:59" ,
"category" : "Other" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d6f-5c18-4049-adc0-4f3502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"pattern" : "[file:hashes.MD5 = 'dc688e6ddd3a1298dd372ec7d0ccb1fb' AND file:hashes.SHA1 = '8fd089df71a5f48098dc41886631ea6604f108e9' AND file:hashes.SHA256 = '9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--75f57830-e3b2-4daf-bd31-5b69941c370d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:11.000Z" ,
"modified" : "2017-12-21T10:31:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9d10911a7bbf26f58b5e39342540761885422b878617f864bfdb16195b7cd0f5/analysis/1513817043/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6f-0184-44c0-826a-4d4202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/59" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6f-3270-4051-bd93-4f5702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:44:03" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d6f-07d0-4732-bb27-404d02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--3529ee04-a201-4e52-a164-1e5c4a096897" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"pattern" : "[file:hashes.MD5 = '6c360e9a6f933bf172591a81881ca79b' AND file:hashes.SHA1 = 'd851ff7b371d15bf03a670e45ec5df327406ab45' AND file:hashes.SHA256 = 'f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--24b51380-5e74-4cc3-9d40-a9bf23181402" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:11.000Z" ,
"modified" : "2017-12-21T10:31:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/f7f2dd674532056c0d67ef1fb7c8ae8dd0484768604b551ee9b6c4405008fe6b/analysis/1513799419/" ,
"category" : "External analysis" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-6bb4-4ed4-b0db-447202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/60" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-4e5c-4ba9-a6bc-41e902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:19" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-22f4-49de-b3a4-4fa202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--685f8167-ca1f-4f25-8ba4-cdf2aa6dae57" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ed2cace34381b6bbeb98af31e73e7904' AND file:hashes.SHA1 = '9cc396887f57d1d266644cbefed48f33880fb218' AND file:hashes.SHA256 = 'db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c1983f91-67eb-48b3-a8dc-df000704bef3" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:11.000Z" ,
"modified" : "2017-12-21T10:31:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/db8163d054a35522d0dec35743cfd2c9872e0eb446467b573a79f84d61761471/analysis/1513799418/" ,
"category" : "External analysis" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-4c64-4ff9-8527-482d02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "2/60" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-f958-4988-a7fb-449202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:18" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-86e4-4884-96da-434202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"pattern" : "[file:hashes.MD5 = '5d06ff8f43f631cd2a71a565dd10b7a5' AND file:hashes.SHA1 = '97936a1225622bf61f916c629882aab19ff1f1a6' AND file:hashes.SHA256 = 'd844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--42454a41-4382-4b9b-bfb4-41c779793cd0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:11.000Z" ,
"modified" : "2017-12-21T10:31:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d844777dcafcde8622b9472b6cd442c50c3747579868a53a505ef2f5a4f0e26a/analysis/1513799419/" ,
"category" : "External analysis" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-1174-4c32-aa95-45ba02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/60" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-ce28-432d-8ddf-4cda02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:19" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d6f-cdcc-4677-83af-44bc02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a6e3a25b-f46a-4ed8-b0ac-d15d4772c156" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"pattern" : "[file:hashes.MD5 = 'cba175498af45dca6970aeee83a6d9f4' AND file:hashes.SHA1 = '3d34eb23728f443e930885e89485cfc78cc34e07' AND file:hashes.SHA256 = '41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e26a7bae-50f5-4b9f-a908-c09d124b96d5" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/41f155f039448edb42c3a566e7b8e150829b97d83109c0c394d199cdcfd20f9b/analysis/1513817542/" ,
"category" : "External analysis" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d70-0120-4008-a176-46a002de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "0/59" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d70-8ce4-4780-a75e-487102de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:52:22" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d70-ec8c-4775-8013-4ea402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7d9cca50-8758-408a-8b14-ed4a9a4d430c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:15.000Z" ,
"modified" : "2017-12-21T10:31:15.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f3dd79ffb45d226dd029da7c61192e26' AND file:hashes.SHA1 = '537cf4311fb66b3740c0a1dc9ba073132d9e0d04' AND file:hashes.SHA256 = 'b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ab3d3480-cd31-477a-b4ea-86c6b2c6b49e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b530de08530d1ba19a94bc075e74e2236c106466dedc92be3abdee9908e8cf7e/analysis/1513817428/" ,
"category" : "External analysis" ,
"comment" : "PyInstaller" ,
"uuid" : "5a3b8d70-ce14-4855-b70d-4cf502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "9/66" ,
"category" : "Other" ,
"comment" : "PyInstaller" ,
"uuid" : "5a3b8d70-fb58-45a6-9234-456702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T00:50:28" ,
"category" : "Other" ,
"comment" : "PyInstaller" ,
"uuid" : "5a3b8d70-1858-4553-a6f7-468802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--6eb3baa6-0a6b-49d7-bedd-38b80630776a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:15.000Z" ,
"modified" : "2017-12-21T10:31:15.000Z" ,
"pattern" : "[file:hashes.MD5 = '985d627f638bbd89ba48676625ec9073' AND file:hashes.SHA1 = 'e57713866a28487098d6b735a55468a1570d00a1' AND file:hashes.SHA256 = '4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--95dea47f-9eef-42d6-96c9-ac3d27d67d27" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/4eb2dd5e90bda6da5efbd213c8472775bdd16e67bcf559f58802a8c371848212/analysis/1513838441/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d70-e83c-4834-9b37-4cf302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "2/59" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d70-ce40-435e-a877-433e02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:40:41" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d70-ebf0-4628-a2e6-4cef02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4923113d-bb45-4277-8e0f-4bcfd995292d" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:15.000Z" ,
"modified" : "2017-12-21T10:31:15.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ad99fd5711dbec2520f62385a595ee3b' AND file:hashes.SHA1 = '0d64b1157efb689f75a0c92d475e960ecd139304' AND file:hashes.SHA256 = 'cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b9d97deb-ca5d-4825-b6ff-084898e27f88" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/cbebafb2f4d77967ffb1a74aac09633b5af616046f31dddf899019ba78a55411/analysis/1513838218/" ,
"category" : "External analysis" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d70-a6a0-4633-a1cd-46cf02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "11/67" ,
"category" : "Other" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d70-7d90-40d0-8f35-4c0902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:36:58" ,
"category" : "Other" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d70-b308-4584-8dee-436302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--499ec873-7210-418a-ac7a-9c473e7cee8f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:15.000Z" ,
"modified" : "2017-12-21T10:31:15.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ec264b9c938355f1a7d1dc97c73fa9a6' AND file:hashes.SHA1 = '234600a43a957672b8145ea6566f9613a1906899' AND file:hashes.SHA256 = '1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--dbff892b-e51d-4ce6-ba0b-e0bbdc82c787" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/1768f2e9cea5f8c97007c6f822531c1c9043c151187c54ebfb289980ff63d666/analysis/1513799418/" ,
"category" : "External analysis" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d70-2010-4867-bece-42a102de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/60" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d70-8248-4966-9e4c-462302de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:18" ,
"category" : "Other" ,
"comment" : "PowerRatankba" ,
"uuid" : "5a3b8d70-f2e0-425c-8ee3-477402de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1a66fd87-8b0c-4eae-b17e-c03d830646ea" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:15.000Z" ,
"modified" : "2017-12-21T10:31:15.000Z" ,
"pattern" : "[file:hashes.MD5 = '43f7512685e72de1e8c0201ee4e189a7' AND file:hashes.SHA1 = '6ab10bd838f9b060f2380caafdea5ff09080f536' AND file:hashes.SHA256 = '81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3fc5fed1-7742-4f62-86d7-18a0b15c6b67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:12.000Z" ,
"modified" : "2017-12-21T10:31:12.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/81617bd4fa5d6c1a703c40157fbe16c55c11260723b7f63de022fd5dd241bdbf/analysis/1513838347/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d71-e804-44c4-b574-417302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "2/60" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d71-dd6c-416c-aef4-43ee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:39:07" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d71-d52c-4c0c-b61c-46e202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--12376fcf-03df-4dd3-b86d-f205b2cd0333" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:16.000Z" ,
"modified" : "2017-12-21T10:31:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '0518ca7a8bd6d93bbafc6022669d5459' AND file:hashes.SHA1 = '4a084d8245706683d4e4cd5797a2a9f35fa89749' AND file:hashes.SHA256 = '9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c798e259-325d-43d9-b3c5-080f027612e0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/9ca3e56dcb2d1b92e88a0d09d8cab2207ee6d1f55bada744ef81e8b8cf155453/analysis/1513838282/" ,
"category" : "External analysis" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d71-f348-471f-8ceb-4c0602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/67" ,
"category" : "Other" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d71-3090-496d-bf48-452402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:38:02" ,
"category" : "Other" ,
"comment" : "PowerSpritz" ,
"uuid" : "5a3b8d71-9ccc-4e71-8385-47d602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--05d3637e-62f6-4c54-b66a-3eac1319941a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:16.000Z" ,
"modified" : "2017-12-21T10:31:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '23cbc415d94b1841a8a737295dc651ce' AND file:hashes.SHA1 = '50420970d17af649affaee6be801968aa4c01e46' AND file:hashes.SHA256 = '8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8ff100ca86cb62117f1290e71d5f9c0519661d6c955d9fcfb71f0bbdf75b51b3/analysis/1513776239/" ,
"category" : "External analysis" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-7164-42ea-a052-437502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "12/59" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-d878-4b50-92d5-426202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T13:23:59" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-1c64-41fb-8817-43d702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ea86c44-3d9c-471f-a447-cc02b208592c" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:16.000Z" ,
"modified" : "2017-12-21T10:31:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '01118e4cd8adec69c84e0311ec677971' AND file:hashes.SHA1 = 'a07dc261645c7b3ff5f37f5ae7ee0b629ab8f109' AND file:hashes.SHA256 = '7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--d098ecd3-4e1e-4602-92b9-45f53956eead" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7975c09dd436fededd38acee9769ad367bfe07c769770bd152f33a10ed36529e/analysis/1513838753/" ,
"category" : "External analysis" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-4590-4fa4-a7d2-489902de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "10/58" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-69b0-41dd-9a3a-4d9f02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:45:53" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-78fc-465c-9dba-473302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--95eca2e7-7290-4557-8b1c-72a9e7b68da4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:16.000Z" ,
"modified" : "2017-12-21T10:31:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '9ed66ef9fba9984fe7788eb1ec09d4ba' AND file:hashes.SHA1 = '688183a9b36993c6dcc93d7be7a3e96a364447c9' AND file:hashes.SHA256 = '100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--a4526f04-cb6e-4349-ab34-5587cf9dbf19" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:13.000Z" ,
"modified" : "2017-12-21T10:31:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/100c6400331fa1919958bed122b88f1599a61b3bb113d98b218a535443ebc3a7/analysis/1513838920/" ,
"category" : "External analysis" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-55e8-418d-8a37-446202de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "14/60" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-81fc-48ff-b858-477402de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:48:40" ,
"category" : "Other" ,
"comment" : "JavaScript" ,
"uuid" : "5a3b8d71-09bc-4555-ad45-441502de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b593d6b3-0289-4c29-8448-2bb4d2de9d5e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:16.000Z" ,
"modified" : "2017-12-21T10:31:16.000Z" ,
"pattern" : "[file:hashes.MD5 = '878ececefc811b91361b69ff25290a6e' AND file:hashes.SHA1 = 'fb17a710aa690d939d74a6687ae04787fb6324ca' AND file:hashes.SHA256 = '772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--2c9f7b5e-b7c1-45ee-bb59-facc1784a78f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/772b9b873100375c9696d87724f8efa2c8c1484853d40b52c6dc6f7759f5db01/analysis/1513799414/" ,
"category" : "External analysis" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d72-8988-43a0-b1c4-488302de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "1/60" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d72-cea0-44c3-929e-461602de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-20T19:50:14" ,
"category" : "Other" ,
"comment" : "Microsoft Compiled HTML Help (CHM)" ,
"uuid" : "5a3b8d72-a658-47d9-996e-443602de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5dc053d0-4cc0-4b36-b940-2552b8c9ec30" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:17.000Z" ,
"modified" : "2017-12-21T10:31:17.000Z" ,
"pattern" : "[file:hashes.MD5 = '157074713fc886e3632acc6f040982dd' AND file:hashes.SHA1 = 'ef263466563037c4f358e6467157194eb0752bdf' AND file:hashes.SHA256 = 'b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-21T10:31:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--50c5355f-02d7-4b0b-8116-332325c74894" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-21T10:31:14.000Z" ,
"modified" : "2017-12-21T10:31:14.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/b9cf1cba0f626668793b9624e55c76e2dab56893b21239523f2a2a0281844c6d/analysis/1513839053/" ,
"category" : "External analysis" ,
"comment" : "MS Office Docs" ,
"uuid" : "5a3b8d72-f83c-4200-8813-47e402de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/61" ,
"category" : "Other" ,
"comment" : "MS Office Docs" ,
"uuid" : "5a3b8d72-1408-4805-b520-48d002de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-12-21T06:50:53" ,
"category" : "Other" ,
"comment" : "MS Office Docs" ,
"uuid" : "5a3b8d72-e134-4dbc-894e-419202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ac220843-1c6a-4875-b690-48b24e862e06" ,
"created" : "2017-12-28T13:37:02.000Z" ,
"modified" : "2017-12-28T13:37:02.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--88c0c9e5-6f55-4434-86f5-57ccf1ab779e" ,
"target_ref" : "x-misp-object--551d26ea-0d49-4a3d-8b80-61f1c2d46b4c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--1f4f8a21-ae75-4571-8b5e-b7a9c5676c51" ,
"created" : "2017-12-28T13:37:02.000Z" ,
"modified" : "2017-12-28T13:37:02.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--e831a382-f6bf-43db-b38c-421df1ea3875" ,
"target_ref" : "x-misp-object--ef5cfba8-a647-4887-8626-5b716d830d90"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6d64a378-2c0d-4e89-9814-9580cc0e05c6" ,
"created" : "2017-12-28T13:37:02.000Z" ,
"modified" : "2017-12-28T13:37:02.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--4b8c3132-e355-4ee4-91c9-e06a69a36da1" ,
"target_ref" : "x-misp-object--b1b7f438-e55c-4b57-b42d-503d60b57d4f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--92170480-2d43-4014-b982-de7b3b486f9c" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--1f87943e-6f0e-4b12-87b5-3116a0f725c0" ,
"target_ref" : "x-misp-object--789535f0-ec61-4de1-9988-165ac6c1ba5c"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--9c0ae0b4-fb91-494a-af32-41fdd26fe143" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--cb269eaa-70e8-4564-b7f8-902352959fe6" ,
"target_ref" : "x-misp-object--9296c8a4-2d34-48e4-af42-15e57470eb84"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--736f7057-8557-4333-a2e0-1c3dbb7f9002" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--1bae070e-81ad-4cfb-a316-00f6dd358a7d" ,
"target_ref" : "x-misp-object--4117fdf6-6c7c-4e4c-b695-d2b7214b42f4"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b1c6ec3a-67ba-45b6-936d-1125e59ad2ee" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--08352cd7-5beb-4bdf-b9df-3ae69f4f3084" ,
"target_ref" : "x-misp-object--7151d2df-fc05-4f72-8afe-b5c9db8e893e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--fa3899b9-1c49-41cf-aab1-96fd3bce155c" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--fa7170ec-f0f6-4900-922c-fce4d2eef064" ,
"target_ref" : "x-misp-object--27d3ea8e-4cae-4f1a-96c8-fcf4a788439f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c7569ba5-4b88-45b9-83b0-2a3410acc643" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--37b63b78-21dd-47c0-9d23-3630e7cf8646" ,
"target_ref" : "x-misp-object--e69882c0-3bc4-47cc-a0bb-c0656d6b9d56"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--3c68f730-8360-4e24-a6ad-00c8ded9343c" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--c126b790-4339-4aae-ae09-8907102e1a25" ,
"target_ref" : "x-misp-object--2b6f8da3-f975-46ce-b203-b6a2f7db28ff"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--007403dd-5cf5-4070-a9e6-891ee6f12b73" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--4abea3bf-4859-444d-9735-ef6c73e34c7f" ,
"target_ref" : "x-misp-object--b3041cbd-a853-482a-af11-4b0b34855339"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--afc06ee3-3b29-473c-b4c4-1eb1a0bbf345" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--1c816f49-c77c-4c10-8f5a-c738b2f91fd2" ,
"target_ref" : "x-misp-object--a15c3c61-18d5-4e2c-a4e6-f783b2dbb325"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f6afe6af-7406-4af4-b205-93d1d55210a0" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--179729f6-02e1-4594-b57f-f7db7e366b4b" ,
"target_ref" : "x-misp-object--6271f662-ebe5-449b-a28c-21625cb04c44"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--7985a296-4923-4bd2-a027-83c20717822b" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--0b7d5bd6-9d5e-45e3-8ae5-ed7a9cf4f4ea" ,
"target_ref" : "x-misp-object--75f57830-e3b2-4daf-bd31-5b69941c370d"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--377b5e7a-e7e3-4ab0-ad4f-83fb2b6c9ce4" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--3529ee04-a201-4e52-a164-1e5c4a096897" ,
"target_ref" : "x-misp-object--24b51380-5e74-4cc3-9d40-a9bf23181402"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f490cab1-a7dc-4e6c-8ce3-90065ec3e523" ,
"created" : "2017-12-28T13:37:03.000Z" ,
"modified" : "2017-12-28T13:37:03.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--685f8167-ca1f-4f25-8ba4-cdf2aa6dae57" ,
"target_ref" : "x-misp-object--c1983f91-67eb-48b3-a8dc-df000704bef3"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4bff4e35-4463-4941-a9d9-64647ac148b7" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--4d916fb6-5ac9-487a-a45a-b2b5a2a8bd36" ,
"target_ref" : "x-misp-object--42454a41-4382-4b9b-bfb4-41c779793cd0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--74fdd57b-37db-4d76-a341-c4907b2fab03" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--a6e3a25b-f46a-4ed8-b0ac-d15d4772c156" ,
"target_ref" : "x-misp-object--e26a7bae-50f5-4b9f-a908-c09d124b96d5"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--4ab77b3a-130d-476f-9ede-b0110e38b4fc" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--7d9cca50-8758-408a-8b14-ed4a9a4d430c" ,
"target_ref" : "x-misp-object--ab3d3480-cd31-477a-b4ea-86c6b2c6b49e"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--54669cfa-97ca-4086-9e3a-28c88e444524" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--6eb3baa6-0a6b-49d7-bedd-38b80630776a" ,
"target_ref" : "x-misp-object--95dea47f-9eef-42d6-96c9-ac3d27d67d27"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2dc366ad-335b-4b4f-9299-d3d81b9e9678" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--4923113d-bb45-4277-8e0f-4bcfd995292d" ,
"target_ref" : "x-misp-object--b9d97deb-ca5d-4825-b6ff-084898e27f88"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d5a5546b-40aa-40a3-8592-ac8252c78f75" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--499ec873-7210-418a-ac7a-9c473e7cee8f" ,
"target_ref" : "x-misp-object--dbff892b-e51d-4ce6-ba0b-e0bbdc82c787"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d897b67d-0b66-4291-995a-02b9ad185028" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--1a66fd87-8b0c-4eae-b17e-c03d830646ea" ,
"target_ref" : "x-misp-object--3fc5fed1-7742-4f62-86d7-18a0b15c6b67"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f4db4906-d61a-4c10-80af-881084ac1ba5" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--12376fcf-03df-4dd3-b86d-f205b2cd0333" ,
"target_ref" : "x-misp-object--c798e259-325d-43d9-b3c5-080f027612e0"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a85af541-a98c-427d-8bab-20c50941c0b8" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--05d3637e-62f6-4c54-b66a-3eac1319941a" ,
"target_ref" : "x-misp-object--4df96f45-1a2b-4ce4-99c7-4e004dd6e8a8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--706e8f4c-3b91-47c4-9b3e-66f96b087880" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5ea86c44-3d9c-471f-a447-cc02b208592c" ,
"target_ref" : "x-misp-object--d098ecd3-4e1e-4602-92b9-45f53956eead"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--c461064c-5a2e-4bb0-8559-70dcf86158e2" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--95eca2e7-7290-4557-8b1c-72a9e7b68da4" ,
"target_ref" : "x-misp-object--a4526f04-cb6e-4349-ab34-5587cf9dbf19"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--2faa4f60-965b-4335-b863-b1b25518d223" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--b593d6b3-0289-4c29-8448-2bb4d2de9d5e" ,
"target_ref" : "x-misp-object--2c9f7b5e-b7c1-45ee-bb59-facc1784a78f"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d2ba93be-c8a2-45e2-a5e3-0cb66124d6ec" ,
"created" : "2017-12-28T13:37:04.000Z" ,
"modified" : "2017-12-28T13:37:04.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5dc053d0-4cc0-4b36-b940-2552b8c9ec30" ,
"target_ref" : "x-misp-object--50c5355f-02d7-4b0b-8116-332325c74894"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}