2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5a3bcbe0-3d70-427d-8744-4bdb950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-10T03:01:13.000Z" ,
"modified" : "2018-02-10T03:01:13.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a3bcbe0-3d70-427d-8744-4bdb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-10T03:01:13.000Z" ,
"modified" : "2018-02-10T03:01:13.000Z" ,
"name" : "OSINT - DownAndExec: Banking malware utilizes CDNs in Brazil" ,
"published" : "2018-02-16T08:57:17Z" ,
"object_refs" : [
"observed-data--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f" ,
"url--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f" ,
"x-misp-attribute--5a5c6f2a-afc8-41e1-8a1f-43b9950d210f" ,
"indicator--5a5c771a-0068-47dc-8e20-47ad950d210f" ,
"indicator--5a5c771b-1804-42f0-9701-4e5d950d210f" ,
"indicator--5a5c771b-5054-4f25-914e-4aee950d210f" ,
"indicator--5a5c771b-6a2c-45ff-8d55-47b0950d210f" ,
"indicator--5a5c771c-9a58-45ea-a3c7-4555950d210f" ,
"indicator--5a5c7a0d-71d4-465e-b761-ae5c950d210f" ,
"indicator--5a5c7a0e-4c48-42d5-acbc-ae5c950d210f" ,
"indicator--5a5c7109-1514-4b03-aca8-c84f950d210f" ,
"indicator--5a5c712c-c8f0-4033-a3c6-ae5c950d210f" ,
"indicator--5a5c7153-7a80-4f92-a162-af7f950d210f" ,
"indicator--5a5c7165-f8fc-41f9-84f1-4c94950d210f" ,
"indicator--5a5c717d-7e58-4fbf-8c33-c84f950d210f" ,
"indicator--5a5c7192-cb54-4a77-8f2f-ae1e950d210f" ,
"indicator--352791b2-86bb-41ad-9481-10549ebea11f" ,
"x-misp-object--db289675-d7e8-42b0-a80d-1d0f73eac08b" ,
"indicator--323bf06e-4c08-4825-9e3d-490b985d27f1" ,
"x-misp-object--3c950c89-f255-4ce4-bdf5-b3cb9a34eada" ,
"indicator--989dca8a-94e7-414f-9bb9-299b6407cfe4" ,
"x-misp-object--b8d9d264-06d8-465a-81c9-a4cd48c9deaa" ,
"indicator--ec87a3b7-5f72-4b59-8d53-6e2767f4328f" ,
"x-misp-object--8c9d5426-4f3b-4bfd-b166-40f4e69c8998" ,
"indicator--5e44b32b-6d75-4ac9-a643-96970dee4e3e" ,
"x-misp-object--532bbc5d-ad5f-4281-88f9-a027f31718ae" ,
"indicator--362d20e1-90b1-45c8-b536-5e2fc281fe8a" ,
"x-misp-object--0d641165-660b-4c56-a989-5f27840d94f1" ,
"indicator--9e1132f7-a6f0-4966-8d8e-a8ba91337184" ,
"x-misp-object--9ddbe62a-df3a-4968-8fb1-4b46e61d0abe" ,
"indicator--a4602179-8407-4714-8ce8-73e739f8f93e" ,
"x-misp-object--23e90ff7-f68e-4f1e-abfb-1d24b0480d18" ,
"indicator--368ea62b-9c92-41fd-aa29-ad77f6f49144" ,
"x-misp-object--ffa1925f-32e0-4ddf-ac99-db930609d495" ,
"indicator--b4c72aed-63bf-4f2a-8794-047d36abe533" ,
"x-misp-object--43e3402c-ec4a-4afc-859b-18cdd344f48f" ,
"relationship--91512ed2-e597-42c5-b299-43901b370416" ,
"relationship--0f08b67d-ecbd-4534-ba66-58d00f3d164f" ,
"relationship--d6fe8a5d-2dc8-4a11-b017-9d9b5472edd1" ,
"relationship--0adabebe-a803-496b-b9df-92ac716e2a40" ,
"relationship--b0826e6f-5b95-4ab2-bd8c-dc487ca5bc4a" ,
"relationship--f213c4b8-d44f-44bf-9650-d8b24a3b7e55" ,
"relationship--6a898df3-7e35-44a0-a63f-412e61a3fa74" ,
"relationship--dcafd270-9c09-43a4-9f40-ed06b3b7477a" ,
"relationship--20009e25-69d1-4c12-9e7f-a64f0b3aa126" ,
"relationship--ca4189f5-fc28-4ff3-b0d7-caba49bee06d"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\"" ,
"ms-caro-malware-full:malware-family=\"Banker\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:47.000Z" ,
"modified" : "2018-02-09T14:04:47.000Z" ,
"first_observed" : "2018-02-09T14:04:47Z" ,
"last_observed" : "2018-02-09T14:04:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a3cc4fd-5fd0-4c16-a65a-4c62950d210f" ,
"value" : "https://www.welivesecurity.com/2017/09/13/downandexec-banking-malware-cdns-brazil/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a5c6f2a-afc8-41e1-8a1f-43b9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:47.000Z" ,
"modified" : "2018-02-09T14:04:47.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Services like Netflix use content delivery networks (CDNs) to maximize bandwidth usage as it gives users greater speed when viewing the content, as the server is close to them and is part of the Netflix CDN. This results in faster loading times for series and movies, wherever you are in the world. But, apparently, the CDNs are starting to become a new way of spreading malware.\r\n\r\nThe attack chain is very extensive, and incorporates the execution of remote scripts (similar in some respects to the recent \u00e2\u20ac\u0153fileless\u00e2\u20ac\u009d banking malware trend), plus the use of CDNs for command and control (C&C), and other standard techniques for the execution and protection of malware.\r\n\r\nThe purpose of this article is to offer an analysis of the downAndExec standard that is making extensive use of JS scripts to download and execute \u00e2\u20ac\u201d in this particular instance, banking malware on victims\u00e2\u20ac\u2122 computers."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c771a-0068-47dc-8e20-47ad950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:40:42.000Z" ,
"modified" : "2018-01-15T09:40:42.000Z" ,
"description" : "NSIS/TrojanDropper.Agent.CL" ,
"pattern" : "[file:hashes.SHA1 = '30fc877887d6845007503f3abd44ec261a0d40c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:40:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c771b-1804-42f0-9701-4e5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:40:43.000Z" ,
"modified" : "2018-01-15T09:40:43.000Z" ,
"description" : "NSIS/TrojanDropper.Agent.CL" ,
"pattern" : "[file:hashes.SHA1 = '34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:40:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c771b-5054-4f25-914e-4aee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:40:43.000Z" ,
"modified" : "2018-01-15T09:40:43.000Z" ,
"description" : "NSIS/TrojanDropper.Agent.CL" ,
"pattern" : "[file:hashes.SHA1 = 'bffaabcce3f4cced896f745a7ec4eba207028683']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:40:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c771b-6a2c-45ff-8d55-47b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:40:43.000Z" ,
"modified" : "2018-01-15T09:40:43.000Z" ,
"description" : "JS/TrojanDownloader.Agent.QPA" ,
"pattern" : "[file:hashes.MD5 = '2ad3b1669e8302035e24c838b3c08f2c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:40:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c771c-9a58-45ea-a3c7-4555950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:40:44.000Z" ,
"modified" : "2018-01-15T09:40:44.000Z" ,
"description" : "Win32/Spy.Banker.ADYV" ,
"pattern" : "[file:hashes.MD5 = '51aed47cc54e9671f3ea71f8ee584952']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:40:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c7a0d-71d4-465e-b761-ae5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:48.000Z" ,
"modified" : "2018-02-09T14:04:48.000Z" ,
"pattern" : "[url:value = 'https://1402712571.rsc.cdn77.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:04:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c7a0e-4c48-42d5-acbc-ae5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:48.000Z" ,
"modified" : "2018-02-09T14:04:48.000Z" ,
"description" : "inactive" ,
"pattern" : "[url:value = 'https://1356485243.rsc.cdn77.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:04:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c7109-1514-4b03-aca8-c84f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:14:49.000Z" ,
"modified" : "2018-01-15T09:14:49.000Z" ,
"pattern" : "[file:hashes.SHA1 = '37648e4b95636e3ee5a68e3fa8c0735125126c17' AND file:name = 'AppAdobeFPlayer_1497851813.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:14:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c712c-c8f0-4033-a3c6-ae5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:15:24.000Z" ,
"modified" : "2018-01-15T09:15:24.000Z" ,
"pattern" : "[file:hashes.SHA1 = '38b7611bb20985512f86dc2c38247593e58a1df6' AND file:name = 'Consulta_Resultado05062017.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:15:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c7153-7a80-4f92-a162-af7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:16:03.000Z" ,
"modified" : "2018-01-15T09:16:03.000Z" ,
"pattern" : "[file:hashes.SHA1 = '67458b503047852dd603080946842472e575b856' AND file:name = 'NotaFiscal.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:16:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c7165-f8fc-41f9-84f1-4c94950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:16:21.000Z" ,
"modified" : "2018-01-15T09:16:21.000Z" ,
"pattern" : "[file:hashes.SHA1 = '8ea2c548bcb974a380fece046a7e3f0218632ff2' AND file:name = 'n\u00c3\u00a3o confirmado 923337.crdownload' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:16:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c717d-7e58-4fbf-8c33-c84f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:16:45.000Z" ,
"modified" : "2018-01-15T09:16:45.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'bffaabcce3f4cced896f745a7ec4eba2070286b3' AND file:name = '5ae9e0f3867ae8a317031fc9a5ed886e.virus' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a5c7192-cb54-4a77-8f2f-ae1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-01-15T09:17:06.000Z" ,
"modified" : "2018-01-15T09:17:06.000Z" ,
"pattern" : "[file:hashes.SHA1 = 'effb36259accdfff07c036c5a41b357692577265' AND file:name = 'Consulta_Resultado05062017.exe' AND file:x_misp_state = 'Malicious']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-01-15T09:17:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--352791b2-86bb-41ad-9481-10549ebea11f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:51.000Z" ,
"modified" : "2018-02-09T14:04:51.000Z" ,
"pattern" : "[file:hashes.MD5 = '51aed47cc54e9671f3ea71f8ee584952' AND file:hashes.SHA1 = '5c5d23fcb759d900c0158948695b43f63df4a99d' AND file:hashes.SHA256 = '08895e31448976adfbe419d1db92650bfb8b937f13597e6222fba965d3e999e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:04:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--db289675-d7e8-42b0-a80d-1d0f73eac08b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:50.000Z" ,
"modified" : "2018-02-09T14:04:50.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/08895e31448976adfbe419d1db92650bfb8b937f13597e6222fba965d3e999e0/analysis/1509045877/" ,
"category" : "External analysis" ,
"comment" : "Win32/Spy.Banker.ADYV" ,
"uuid" : "5a7daa82-5084-4e96-b1b7-481e02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "42/66" ,
"category" : "Other" ,
"comment" : "Win32/Spy.Banker.ADYV" ,
"uuid" : "5a7daa82-ce04-4a13-b4dc-4dd902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-26T19:24:37" ,
"category" : "Other" ,
"comment" : "Win32/Spy.Banker.ADYV" ,
"uuid" : "5a7daa83-7f20-42ba-9919-459c02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--323bf06e-4c08-4825-9e3d-490b985d27f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:54.000Z" ,
"modified" : "2018-02-09T14:04:54.000Z" ,
"pattern" : "[file:hashes.MD5 = '2ad3b1669e8302035e24c838b3c08f2c' AND file:hashes.SHA1 = '21e6bfad68531acefa1a059015fb008742b5aeec' AND file:hashes.SHA256 = '15a739c1e02245e4f686ff46ca616ab73663fffac9c4de4290a1af4668405878']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:04:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--3c950c89-f255-4ce4-bdf5-b3cb9a34eada" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:53.000Z" ,
"modified" : "2018-02-09T14:04:53.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/15a739c1e02245e4f686ff46ca616ab73663fffac9c4de4290a1af4668405878/analysis/1509155544/" ,
"category" : "External analysis" ,
"comment" : "JS/TrojanDownloader.Agent.QPA" ,
"uuid" : "5a7daa85-4e94-4767-b81b-491502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/59" ,
"category" : "Other" ,
"comment" : "JS/TrojanDownloader.Agent.QPA" ,
"uuid" : "5a7daa85-34f4-42de-856c-427902de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-28T01:52:24" ,
"category" : "Other" ,
"comment" : "JS/TrojanDownloader.Agent.QPA" ,
"uuid" : "5a7daa86-e0c4-4f48-a687-466c02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--989dca8a-94e7-414f-9bb9-299b6407cfe4" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:57.000Z" ,
"modified" : "2018-02-09T14:04:57.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c5d56198560f2e263c7ae1af6fccae6c' AND file:hashes.SHA1 = '37648e4b95636e3ee5a68e3fa8c0735125126c17' AND file:hashes.SHA256 = 'ce300e38c0adbba46b1d46066cc3be3e5ce990c6406cb3e1713936acd124d174']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:04:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--b8d9d264-06d8-465a-81c9-a4cd48c9deaa" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:55.000Z" ,
"modified" : "2018-02-09T14:04:55.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/ce300e38c0adbba46b1d46066cc3be3e5ce990c6406cb3e1713936acd124d174/analysis/1509045679/" ,
"category" : "External analysis" ,
"uuid" : "5a7daa87-4afc-47dd-876d-492602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "45/67" ,
"category" : "Other" ,
"uuid" : "5a7daa88-e2ac-4bd7-a8c1-484502de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-26T19:21:19" ,
"category" : "Other" ,
"uuid" : "5a7daa88-7f20-461d-890d-44bc02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ec87a3b7-5f72-4b59-8d53-6e2767f4328f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:00.000Z" ,
"modified" : "2018-02-09T14:05:00.000Z" ,
"pattern" : "[file:hashes.MD5 = '1a5748d445565bf35a3cb6e6b6959fe2' AND file:hashes.SHA1 = '67458b503047852dd603080946842472e575b856' AND file:hashes.SHA256 = 'd7b430e18426fad00576add9e88c6b0c78eb194376dfa416ab805f5757188990']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--8c9d5426-4f3b-4bfd-b166-40f4e69c8998" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:04:58.000Z" ,
"modified" : "2018-02-09T14:04:58.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/d7b430e18426fad00576add9e88c6b0c78eb194376dfa416ab805f5757188990/analysis/1509045752/" ,
"category" : "External analysis" ,
"uuid" : "5a7daa8a-7c2c-4d8b-b395-413b02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "40/67" ,
"category" : "Other" ,
"uuid" : "5a7daa8b-6934-465e-8d8e-4ff202de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-26T19:22:32" ,
"category" : "Other" ,
"uuid" : "5a7daa8b-a6c8-404d-af6d-4e1302de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5e44b32b-6d75-4ac9-a643-96970dee4e3e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:02.000Z" ,
"modified" : "2018-02-09T14:05:02.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ab4832be975c95ce0348416741225143' AND file:hashes.SHA1 = '30fc877887d6845007503f3abd44ec261a0d40c7' AND file:hashes.SHA256 = '74c115091077182b4e9f1dc141fd2c91c50b0c61fd22117f71f880ebc4fe72bc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--532bbc5d-ad5f-4281-88f9-a027f31718ae" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:01.000Z" ,
"modified" : "2018-02-09T14:05:01.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/74c115091077182b4e9f1dc141fd2c91c50b0c61fd22117f71f880ebc4fe72bc/analysis/1509045590/" ,
"category" : "External analysis" ,
"comment" : "NSIS/TrojanDropper.Agent.CL" ,
"uuid" : "5a7daa8d-995c-4415-90b2-41a602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "36/66" ,
"category" : "Other" ,
"comment" : "NSIS/TrojanDropper.Agent.CL" ,
"uuid" : "5a7daa8d-7378-4f23-913b-467a02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-26T19:19:50" ,
"category" : "Other" ,
"comment" : "NSIS/TrojanDropper.Agent.CL" ,
"uuid" : "5a7daa8d-bf5c-453b-8111-49d202de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--362d20e1-90b1-45c8-b536-5e2fc281fe8a" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:05.000Z" ,
"modified" : "2018-02-09T14:05:05.000Z" ,
"pattern" : "[file:hashes.MD5 = '71b6a493388e7d0b40c83ce903bc6b04' AND file:hashes.SHA1 = '34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d' AND file:hashes.SHA256 = '027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--0d641165-660b-4c56-a989-5f27840d94f1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:03.000Z" ,
"modified" : "2018-02-09T14:05:03.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745/analysis/1517914078/" ,
"category" : "External analysis" ,
"comment" : "NSIS/TrojanDropper.Agent.CL" ,
"uuid" : "5a7daa8f-e930-4c13-b96f-493d02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "59/65" ,
"category" : "Other" ,
"comment" : "NSIS/TrojanDropper.Agent.CL" ,
"uuid" : "5a7daa90-99dc-4e0c-b651-4bbc02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-02-06T10:47:58" ,
"category" : "Other" ,
"comment" : "NSIS/TrojanDropper.Agent.CL" ,
"uuid" : "5a7daa90-e0ec-488b-87f7-418802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9e1132f7-a6f0-4966-8d8e-a8ba91337184" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:08.000Z" ,
"modified" : "2018-02-09T14:05:08.000Z" ,
"pattern" : "[file:hashes.MD5 = '5ae9e0f3867ae8a317031fc9a5ed886e' AND file:hashes.SHA1 = 'bffaabcce3f4cced896f745a7ec4eba2070286b3' AND file:hashes.SHA256 = '45211c815cac28a399e3ad01d742b5811dae54d93918e969c685d4e8356d7c28']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--9ddbe62a-df3a-4968-8fb1-4b46e61d0abe" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:06.000Z" ,
"modified" : "2018-02-09T14:05:06.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/45211c815cac28a399e3ad01d742b5811dae54d93918e969c685d4e8356d7c28/analysis/1505331152/" ,
"category" : "External analysis" ,
"uuid" : "5a7daa92-a268-4a80-8fe2-422502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/64" ,
"category" : "Other" ,
"uuid" : "5a7daa92-9ac8-48be-a710-4ceb02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-09-13T19:32:32" ,
"category" : "Other" ,
"uuid" : "5a7daa93-b3d4-4672-b604-454802de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--a4602179-8407-4714-8ce8-73e739f8f93e" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:10.000Z" ,
"modified" : "2018-02-09T14:05:10.000Z" ,
"pattern" : "[file:hashes.MD5 = 'e383d317b3c7bbd65a7c303746b7f12d' AND file:hashes.SHA1 = '38b7611bb20985512f86dc2c38247593e58a1df6' AND file:hashes.SHA256 = '6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--23e90ff7-f68e-4f1e-abfb-1d24b0480d18" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:08.000Z" ,
"modified" : "2018-02-09T14:05:08.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/6b08e5d92c7067eae8e222f2d13ba2a59fe36421eb2ece5054b5d97c593a38e2/analysis/1509045704/" ,
"category" : "External analysis" ,
"uuid" : "5a7daa95-e77c-431d-bc9c-4cdc02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "39/67" ,
"category" : "Other" ,
"uuid" : "5a7daa95-db80-4bcf-8c20-450a02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-26T19:21:44" ,
"category" : "Other" ,
"uuid" : "5a7daa95-88e8-49fe-be81-421b02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--368ea62b-9c92-41fd-aa29-ad77f6f49144" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:13.000Z" ,
"modified" : "2018-02-09T14:05:13.000Z" ,
"pattern" : "[file:hashes.MD5 = '782eace45e76c28862396a2b6d5b3f1c' AND file:hashes.SHA1 = '8ea2c548bcb974a380fece046a7e3f0218632ff2' AND file:hashes.SHA256 = '66d9360a2a41a119a9337539e110d79f6e74e405755029d9241bf9afc20beed6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--ffa1925f-32e0-4ddf-ac99-db930609d495" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:11.000Z" ,
"modified" : "2018-02-09T14:05:11.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/66d9360a2a41a119a9337539e110d79f6e74e405755029d9241bf9afc20beed6/analysis/1510180391/" ,
"category" : "External analysis" ,
"uuid" : "5a7daa97-96ac-4b57-877e-4cc502de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "41/67" ,
"category" : "Other" ,
"uuid" : "5a7daa97-1e08-4336-bef5-44c302de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-11-08T22:33:11" ,
"category" : "Other" ,
"uuid" : "5a7daa98-6474-4cc5-85d9-481a02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--b4c72aed-63bf-4f2a-8794-047d36abe533" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:15.000Z" ,
"modified" : "2018-02-09T14:05:15.000Z" ,
"pattern" : "[file:hashes.MD5 = 'b917b09c778d7aa7e5a2d98a5fba5b1e' AND file:hashes.SHA1 = 'effb36259accdfff07c036c5a41b357692577265' AND file:hashes.SHA256 = '91301d3daab1a87dfc8b4e39f8a120ea5523e04ac86fee970cecc6760e05c8fe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-02-09T14:05:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--43e3402c-ec4a-4afc-859b-18cdd344f48f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-02-09T14:05:13.000Z" ,
"modified" : "2018-02-09T14:05:13.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/91301d3daab1a87dfc8b4e39f8a120ea5523e04ac86fee970cecc6760e05c8fe/analysis/1509045798/" ,
"category" : "External analysis" ,
"uuid" : "5a7daa9a-b7e8-4340-a315-416602de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "38/67" ,
"category" : "Other" ,
"uuid" : "5a7daa9a-f554-4959-827d-4d0702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2017-10-26T19:23:18" ,
"category" : "Other" ,
"uuid" : "5a7daa9a-d1fc-4984-9be0-45e902de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--91512ed2-e597-42c5-b299-43901b370416" ,
"created" : "2018-02-16T08:57:16.000Z" ,
"modified" : "2018-02-16T08:57:16.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--352791b2-86bb-41ad-9481-10549ebea11f" ,
"target_ref" : "x-misp-object--db289675-d7e8-42b0-a80d-1d0f73eac08b"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--0f08b67d-ecbd-4534-ba66-58d00f3d164f" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--323bf06e-4c08-4825-9e3d-490b985d27f1" ,
"target_ref" : "x-misp-object--3c950c89-f255-4ce4-bdf5-b3cb9a34eada"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d6fe8a5d-2dc8-4a11-b017-9d9b5472edd1" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--989dca8a-94e7-414f-9bb9-299b6407cfe4" ,
"target_ref" : "x-misp-object--b8d9d264-06d8-465a-81c9-a4cd48c9deaa"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--0adabebe-a803-496b-b9df-92ac716e2a40" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--ec87a3b7-5f72-4b59-8d53-6e2767f4328f" ,
"target_ref" : "x-misp-object--8c9d5426-4f3b-4bfd-b166-40f4e69c8998"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--b0826e6f-5b95-4ab2-bd8c-dc487ca5bc4a" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--5e44b32b-6d75-4ac9-a643-96970dee4e3e" ,
"target_ref" : "x-misp-object--532bbc5d-ad5f-4281-88f9-a027f31718ae"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--f213c4b8-d44f-44bf-9650-d8b24a3b7e55" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--362d20e1-90b1-45c8-b536-5e2fc281fe8a" ,
"target_ref" : "x-misp-object--0d641165-660b-4c56-a989-5f27840d94f1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6a898df3-7e35-44a0-a63f-412e61a3fa74" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--9e1132f7-a6f0-4966-8d8e-a8ba91337184" ,
"target_ref" : "x-misp-object--9ddbe62a-df3a-4968-8fb1-4b46e61d0abe"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--dcafd270-9c09-43a4-9f40-ed06b3b7477a" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--a4602179-8407-4714-8ce8-73e739f8f93e" ,
"target_ref" : "x-misp-object--23e90ff7-f68e-4f1e-abfb-1d24b0480d18"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--20009e25-69d1-4c12-9e7f-a64f0b3aa126" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--368ea62b-9c92-41fd-aa29-ad77f6f49144" ,
"target_ref" : "x-misp-object--ffa1925f-32e0-4ddf-ac99-db930609d495"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--ca4189f5-fc28-4ff3-b0d7-caba49bee06d" ,
"created" : "2018-02-16T08:57:17.000Z" ,
"modified" : "2018-02-16T08:57:17.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--b4c72aed-63bf-4f2a-8794-047d36abe533" ,
"target_ref" : "x-misp-object--43e3402c-ec4a-4afc-859b-18cdd344f48f"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}