2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5abf6421-c1b8-477b-a9d2-9c0902de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:46:24.000Z" ,
"modified" : "2018-03-31T10:46:24.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5abf6421-c1b8-477b-a9d2-9c0902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:46:24.000Z" ,
"modified" : "2018-03-31T10:46:24.000Z" ,
"name" : "OSINT - Crypter-as-a-Service Helps jRAT Fly Under The Radar" ,
"published" : "2018-03-31T10:46:39Z" ,
"object_refs" : [
"observed-data--5abf642d-5fa8-4bac-bf78-73e102de0b81" ,
"url--5abf642d-5fa8-4bac-bf78-73e102de0b81" ,
"indicator--5abf6444-4ca4-45dd-8726-be5302de0b81" ,
"indicator--5abf6445-9c80-40f4-a5ac-be5302de0b81" ,
"indicator--5abf6445-2224-46ea-84ca-be5302de0b81" ,
"indicator--5abf6446-89d4-4118-883c-be5302de0b81" ,
"indicator--5abf6446-c920-40b2-9756-be5302de0b81" ,
"indicator--5abf6447-4110-4acd-926f-be5302de0b81" ,
"indicator--5abf6447-68f0-439b-82ed-be5302de0b81" ,
"indicator--5abf6448-ef50-4db5-af30-be5302de0b81" ,
"observed-data--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"file--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"artifact--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"observed-data--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"file--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"indicator--5abf6633-5e18-4ccb-88ed-bdd602de0b81" ,
"x-misp-attribute--5abf66b8-94b4-4306-bc6b-9b3a02de0b81" ,
"indicator--5abf66e1-b310-4869-bcf2-bca202de0b81" ,
"indicator--5abf66e2-5c9c-4390-ba87-bca202de0b81" ,
"observed-data--5abf66fd-8984-4e4c-9b22-bdd602de0b81" ,
"url--5abf66fd-8984-4e4c-9b22-bdd602de0b81" ,
"indicator--9f8377a2-614a-4c95-b23c-9843916ce750" ,
"x-misp-object--4887e799-a946-45b9-b17d-829e83965fb8" ,
"indicator--506f740b-a199-4f1e-b7ba-67e253b26d05" ,
"x-misp-object--19044ae8-56c6-4576-b6d2-67ea8f010aa1" ,
"indicator--ebbafa48-355a-4f73-9227-d05329f24cb7" ,
"x-misp-object--fc2df7b7-772d-4ad1-97fb-be696f3a14d2" ,
"indicator--bf58b01a-22fa-49d9-82b7-e3bfad752bd0" ,
"x-misp-object--c9dec079-cde4-4d06-ac74-b79ef362ad00" ,
"indicator--4496c403-6bc9-4d06-9f90-c56776eaaa02" ,
"x-misp-object--faaf775c-f3bc-4c06-986d-0eda27ef4706" ,
"indicator--e063f17d-444d-4129-ae42-2a5fe0de69cc" ,
"x-misp-object--c825cfef-d1db-481f-a382-9735dd1720cb" ,
"indicator--45b7f55b-64f2-4363-807a-aa68041fb61b" ,
"x-misp-object--92284358-1b21-472b-9385-89fb4fa7e8ef" ,
"indicator--7eebf218-879f-46fc-a3cc-d636fd99abe7" ,
"x-misp-object--e91e2a7b-10e6-4190-9b38-817b7eced5b9" ,
"relationship--cad2cc20-add4-41c4-b6cb-ae9229745791" ,
"relationship--10281790-e604-4b30-b47a-34c51108daf5" ,
"relationship--a8c37c4b-0987-4d0c-9819-b5d153e61671" ,
"relationship--e4c187c5-5cd0-4760-91e1-feb1ef64bfc3" ,
"relationship--acec2e68-3fb1-41f1-970f-67ca368e0076" ,
"relationship--26f314fe-04ba-4602-b9b2-e4c21473bd9a" ,
"relationship--a983e84a-b8f1-4138-a6fa-c84bcd919de3" ,
"relationship--6427899a-cc6d-4ebe-a88a-1f260ce3fe18"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:rat=\"jRAT\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:tool=\"qrat\"" ,
"misp-galaxy:rat=\"Quaverse\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5abf642d-5fa8-4bac-bf78-73e102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:38:54.000Z" ,
"modified" : "2018-03-31T10:38:54.000Z" ,
"first_observed" : "2018-03-31T10:38:54Z" ,
"last_observed" : "2018-03-31T10:38:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5abf642d-5fa8-4bac-bf78-73e102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5abf642d-5fa8-4bac-bf78-73e102de0b81" ,
"value" : "https://www.trustwave.com/Resources/SpiderLabs-Blog/Crypter-as-a-Service-Helps-jRAT-Fly-Under-The-Radar/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6444-4ca4-45dd-8726-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:44.000Z" ,
"modified" : "2018-03-31T10:34:44.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = '1eb3f344a0274bfa38c67f6b10650dcf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6445-9c80-40f4-a5ac-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:45.000Z" ,
"modified" : "2018-03-31T10:34:45.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = '64d72c5c86d3638034cd83178abcb82f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6445-2224-46ea-84ca-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:45.000Z" ,
"modified" : "2018-03-31T10:34:45.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = 'c52247ecffb2f7a42ef6fa0336671545']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6446-89d4-4118-883c-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:46.000Z" ,
"modified" : "2018-03-31T10:34:46.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = 'ae77ffba57049418e5a720bf77d178a5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6446-c920-40b2-9756-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:46.000Z" ,
"modified" : "2018-03-31T10:34:46.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = '2f021a10804ac5db5ceb43b42f785a23']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6447-4110-4acd-926f-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:47.000Z" ,
"modified" : "2018-03-31T10:34:47.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = 'daa0833d16cd9b6937803d1637284ad1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6447-68f0-439b-82ed-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:47.000Z" ,
"modified" : "2018-03-31T10:34:47.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = '6392741705126cb97a837cbb046cfe73']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6448-ef50-4db5-af30-be5302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:34:48.000Z" ,
"modified" : "2018-03-31T10:34:48.000Z" ,
"description" : "Analyzed samples" ,
"pattern" : "[file:hashes.MD5 = '8ae2c573bc0e0492efeabe78495c591e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:34:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:42:26.000Z" ,
"modified" : "2018-03-31T10:42:26.000Z" ,
"first_observed" : "2018-03-31T10:42:26Z" ,
"last_observed" : "2018-03-31T10:42:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"artifact--5abf659e-4cb8-4867-934a-bffd02de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"name" : "6a01676411d5a7970b01b7c95a2ed1970b-800wi.png" ,
"content_ref" : "artifact--5abf659e-4cb8-4867-934a-bffd02de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5abf659e-4cb8-4867-934a-bffd02de0b81" ,
"payload_bin" : " i V B O R w 0 K G g o A A A A N S U h E U g A A A f A A A A Q A C A Y A A A A e B g t Y A A A g A E l E Q V R 4 X u x d B 3 g U 1 d r + U k k I E K o Q O q J e A R U E B R V s i I q K A o o U F Z A r K C r Y C y q I A t c K o l c Q E U V U U E Q R U E A U s A F i 91 p + C 0 r v L f S Q n v 95 z 8 k 3 e / b s z O 4 S k 5 D N f v s 8 e Z K d n T l z 5 p 3 J v u f 9 a k x B Q U E B y U s Q E A Q E A U F A E B A E I g q B G C H w i L p f M l l B Q B A Q B A Q B Q U A h I A Q u D 4 I g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P I M C A K C g C A g C A g C E Y i A E H g E 3 j S Z s i A g C A g C g o A g I A Q u z 4 A g I A g I A o K A I B C B C A i B R + B N k y k L A o K A I C A I C A J C 4 P / g G S g o K P g H R 5 f M o R k Z G b R //341eOXKlSklJaVkTlQMo8bExBTDKDKEICAICALRiYAQuHHfbULOz88nbIuLi1N75ebmEkjHfB8bG0v4wX55eXnqM+zD7+Pj49WxPBb2xefYF7/NY82xsD+fx+1YjM9j81g//PADjRgxgn799Vd1vjPPPJMefvhhOvnkk9UccD5s57F5HviMz2XOC9vxnudsH+s2L3Ms4BUKH8bLxtrt31EIPzq/pOSqBQFBwB2BqCdwLxWN7dnZ2ZSYmKiILycnR5FZhQoV1PusrCyKjY2h+PgERdbYF4QKQgIZZWdnUWJiBUVgIDIcn5SU5IyFYxISEtR7HIv9cDy2Z2Zmqs/wHufMycE89Fh5ebmUm5vnzAtj43yfffYZDRo0kLZu3arGyM8vUGNXr16dpkyZQl26dHHOzdeEY/ma8HhgHnjhc4yBa8QceF54j88wD32N2Q4euD5sw+c8FvbDdWh8MFaCgw/2Zyz1PHLVNdqLGyFy+eoSBAQBQUAI3EEgHNM3K08cBAIlijHIyJ9wQUYgbk3eeYpgmZyZYE1iA0kxseFYJm8QYG5ujiI6TdZ56sdrLHy2e/duevrpp+mll15SxM9KVqt7KP18Sk1NpZtvvpmGDBlCtWvXdoicCIsIf8Jlsva/pny1AME8eEGC68SxvLgxxwJeMTF6QeK7pniKjY0rvKZc51gQNxYbfI2MByvzUP+4ospDISSfCwKCQHlFIKoUeDjEbe8D1cmqFL+zsjL9lCQrbRAJyBoEXKGCVtpQqBiPFS/em+SNsUFcICtbaduq3VbHIMZNmzbRNddcQ99++60zBs6nzfxYAGgXAJvp27RpQ2+99RY1bNjQWRjYip+tByBnnhfmYloi+Jo0HrBEaKWNY1ml49iCArz3qXS9IMlV+GiVzthW8FP8GMt8hSLpUJ+X139euS5BQBCIbgSihsCDkbfbZ2wWZ3WsCRbqGEo7XpE1yIjVMt6DsPBeq/YcQowWiJDNzaaJnRUtiI5N2abSZhM7m6OZ+Jk0Z8+eTaNHj6a1a9c6ah2fYT/tgwd5k/oML8wB25s2bUrDhw+nrl27UsWKFdUiA3PQ5nptnsffPqXtM4tjzngxwUJpQ1Wz2wDXwcea1gNzLFNp88JIq/RcZx58P3ju/C8ajKiFxKP7i0yuXhCIRgSigsDDJW9zPw5Y8/l7tU+bfbQgM1NZMxnZxM/+XxA5m8UD/b8+n7aptFmlYsHAQWaIMEdg2quvvur4zs1gMiZr/NYEqP3heDHRwhc/YMAAeuyxx/z80Kb1AHNkpY3fpqmf/eNsPeAFCvvHtdsA16Txsokfpn4QPbsR8B7H+kzuMLFrcz0vSux/TjfCFhKPxq8wuWZBIHoRiFoCN8naJni8523aLO4jFCY2jgAH6cE/jveHDx9WJmQQmqmGzffYbipM81y8WPAdC+XsS1Vbt24tPfroo7RkyVJFzDqqXM8V/m7Mg89lK28em03seN+hQwd65JFHqHnzZsrcznMz58ELAZ4nj2u+Z3XP8zDnDFwqVkx2gv04Mt0ka7ZMsGrnhYBN3iZBe5G1kHj0fpnJlQsC0YZAuSdwL/M432j+3O23adrWatjnw2bVycFrMGnPmjWL1q1b55ixTbJmYuHzaDO3j5w54EybwGEKR6R3niJl3nfr1i20a9fuwrQuTk3TyhpjMXnD/83EzsFsvvdIe/OlsdWsWZPS0uoUzkWntXEqGROo15z1vNRVOgsWJnM+tlKlSmqhMHjwYBURb5rYgS9HouOcHMXOWLE74EiIXAg82r7C5HoFgehFIOoI3E15u5E3yET7vHUeNytvX/Q4fMfxSnE//vjjNHHihMKgNW26ZlM7K1j8dlPHtsLVhKvTtEIra30ukCgTJ8jZn7w1IZsWATf/OD4PJH7/Y/XYgb51PlYvIrRlgAPnsL9W++3plVemUlpamhNdb6azYQz2j2O+wN2NwE1yt4md/42FxKP3C02uXBCIJgTKNYG7mcaDKW/TnM1ky/5eM00sO1sTO4jp66+/pmuu6UO7du1ygsaCkTdI0ke4WmnzeZn4tDlbR4+bxG8qbah0TfTahO4j/rzCeWjlzqbxQJXuU+2BKt1eROgFCSwCdmCcJm+d+87zYIsBL0DY1D9w4EB68skn/ZS26VvX/nLk0+vIfCZwL9L2MqkLgUfTV5hcqyAQvQhEJYG7KW6TvPlvjjwHUfoKtGQ7Udh4bJCWdccddzjpVDbhMrG5K1xvRWuTd6BP23dsoGoH4aKKmvZr+x/rvmiw88eDK21T8fMiQke5B/rafYuI0047jeBqqFq1qiJ7Jm+2anAUu6m+wyVxm7SFxKP3S02uXBCIFgSihsCD+bqZsM3fpo8bpASy4WA2rRR1AZY335xB9957nxNpbZrJ/ZW1t2k7NFn7TOpuJKkVbiBZszqGydwXie5T7W7m+2BjIWWMyBwrmPIOdCO0bNmS3nnnHapWrZrjnjCD2WBSZ0sB5sGR92Y0um1Wt9W5mNGj5atLrlMQEASigsDDJW9Wz9gfZM0vKHEmb3zGqV4gn9dff13lVXP0uen/bdSoETVp0sRRw2ZeM5ubbZM+E6hJTOx
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:42:26.000Z" ,
"modified" : "2018-03-31T10:42:26.000Z" ,
"first_observed" : "2018-03-31T10:42:26Z" ,
"last_observed" : "2018-03-31T10:42:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"name" : "6a0133f264aa62970b01bb09fd6017970d-800wi.gif" ,
"content_ref" : "artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--5abf65e2-70f8-455b-a6a7-73e602de0b81" ,
"payload_bin" : " R 0 l G O D l h q Q L 9 A f f / A I m I h / v b j f f Y s 6 q q q g 9 w 17 i 3 u P z 8 t e z B d v //4C+M3aCfn9//////69/f35VteLj+/ovZ+Pu1XY4vAPPz86jMyMXz9Km3ycLCwl22/t2OL8W7urnb83FucNjY2NPS02siSwBduaSJkAABiExNTfz8yrZeALyZqW93naSHZrdXgP+3n7Khpl+3t+zr6+Pj4nTB/pbcuc3NzQAvjpa028nV5FoAcOz//5KTo82wncjIyNbw01sALQtbXf/kmX3D3sioTVOg3qSou8+ogPDDlNPRyS+JlJ7j/wAAAN+23tnViMF0IdHOzazw8Nf8/OLa1Xyr2cTd4b6DZqrb8NjV1NeHj///wBg5gCMjdYelu/zP38TAvtrY1YYvgiFLmr29v0uNySksUfXw55/e3kue4wBVmpPG9tPZ3FxaKpF6P4fX/22RuyIjJFwAACl6wJ5LJFRl2Rk2Xy4AXf7tzY20jfzhtDZQzK6wswABLq+cgc7u/3+y5TUuh4/f///IkqTK9gQn4d/i5QAAXbSzssfGw87Jya6urX0nJ8zQ0vDww9TV10Ci5tuWV9nW2C8AgdvZ2Ln7vvj42VInJ4qx9rHo/9fm9J/r/0U8Z6vN7MvKyOHh4djZ2+r079vc3b7cxtv7tLHK8I5ZYYfS8MPFx6WgrS4AAKinqOzo5mXG/qSprOjp6uuzg0+t7GY5ZvDw2u/u7i4ALqteL9rw8Obm5cfM0R5esN3c2biW2pOJ2tva21dlhNjYvHediNDP0NXZ1d3Ak+fn6F623jlchNv83gAvs4DZ/bKy+Piyss/Mybb+4Oj/5P7m5EYyqZ1TAJzE5f/vwX0qAGJgYeHp9cj/3uP/zI/e34jW1qqMQYYsWf/y1f/qnYB92//4x0/A9vLLrHWczwUnX6urzsSi3C4uANUODl4uAPDwrN/fn/Dwylqs8PDw0s7w8KS72uGfT8vLzMjHyaqnm4HJpcJ9KaHBlv/43wAuLuDfw7LAztm6prnfksPYuNacddvq+fj4+PDw8P///////yH/C05FVFNDQVBFMi4wAwEAAAAh/wtYTVAgRGF0YVhNUDw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNi1jMTM4IDc5LjE1OTgyNCwgMjAxNi8wOS8xNC0wMTowOTowMSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTcgKFdpbmRvd3MpIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOkQwREEyMTU1MkQ3MDExRTg4Nzc2RTNBOTVFMTkzMkUwIiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOkQwREEyMTU2MkQ3MDExRTg4Nzc2RTNBOTVFMTkzMkUwIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6RDBEQTIxNTMyRDcwMTFFODg3NzZFM0E5NUUxOTMyRTAiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6RDBEQTIxNTQyRDcwMTFFODg3NzZFM0E5NUUxOTMyRTAiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz4B//79/Pv6+fj39vX08/Lx8O/u7ezr6uno5+bl5OPi4eDf3t3c29rZ2NfW1dTT0tHQz87NzMvKycjHxsXEw8LBwL++vby7urm4t7a1tLOysbCvrq2sq6qpqKempaSjoqGgn56dnJuamZiXlpWUk5KRkI+OjYyLiomIh4aFhIOCgYB/fn18e3p5eHd2dXRzcnFwb25tbGtqaWhnZmVkY2JhYF9eXVxbWllYV1ZVVFNSUVBPTk1MS0pJSEdGRURDQkFAPz49PDs6OTg3NjU0MzIxMC8uLSwrKikoJyYlJCMiISAfHh0cGxoZGBcWFRQTEhEQDw4NDAsKCQgHBgUEAwIBAAAh+QQFlgD/ACwAAAAAqQL9AQAI/wAHCBxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsaPHjyBDihxJEqK/kyhTqlzJsqXLlzBjypxJs6bNmzhz6tzJs6fPn0CDCh1KtKjRo0iTyhSotKnTp1CjSp1KtarVq1izasXJdKvXr2DDih1LtqzZs1q7ol3Ltq3bt3Djyp17Ui3du3jz6t3Lt+9au34DCx5MuLBhw4BZ0vhyCQqUw5AjS55MubLPxCoptfnypY1nb5Qsix5NurTpu5hRzmjj4wmQL6896zlNu7bt27iVpvZ3qc2TOV9oBSsCxEfnJ7mTK1/OvOkNBc+jQ1eQVEGLlamo20zNr02wLxLaWP/59o1WmyJ62kRbicDEOpXdbuSJKWdUnvb3Tcxv6Uv6jUv47RSgSwOeVN9+7OnX3IIMNkiTditBaFR2qaTUggIVbjdAS5cUYcV3cHCgxghw+LaZNwkOgGB79tGEX4EtDQjjTTOqVCOBCjqo44463tCSj0lld50/QnK1IUtfBGPFACMA0MBJuXRh3hNtJFjAJSjRYUGOMr3IZYw53ujilwkiGJOYPKap5mkSptSmURemEmdOqbXRxQkc4OEPAyfZY4UanFVpownqmLDAnjjooKAceDy3gT/xQbeOl/nN54ukZZ7UXi8KKIBlgF4e8xyW/sjRKQWLQjfKAu0VMIowJnD/6qk/Xrq6gKkKoGrmmrz2KhqQKwEbZKdDGtlSG99oQYQCThAhCADQWNFZZ2X68qgc4CSjX3vXtkiroZQWOKOMJgRhAx2jNAHqtu75g666JjwaX6Xu+tHep+XacKCX+Morn68AB1zVdP5Bh9SbJyFc1IU3FHtTamp8w8s8RAAAAB4aYGKFd0UImhJ+2NpwzwYgr3rSyCc/Gq6CdES3K7nzzcPufJR+m0fINjMa3aQKDmhtzTijKfDQRNMlbEpHT2hdkcay5MU3dkwQRhithGHKORrI0MWdZTKAQy/g2FDyof5Y6+57NlNa3wJevxxmzzOnDffNYedssqZzI0py3EGT/1n034C/pbDCQs3pj+EaurTHNyEIYgrVptSzwjdWdGFPpgLM6mW3bBuKd6X40RH2gYPut24eXj/aMr2bQyrfvSiti+XaNXPr+q6B5647WUmf1LtQTJ8UPE27HfLNCNBA44ACGhCRixVXBMNPpgxocGiAuP7bH3TZzoyf1zcEUYjbpufdsgJbss4ydLqW2ukNPNNsQgHQqRy3u+z7vfv+/GNF8P+EAwqGVtKC371kN/7wAjQKUQg8cCB547EEIPpHwQpaUDIIJBIneOGFQgAADN/IhSkuSMISmjAvGUTJBLxwAkuMYnonjKEMZ1iWFNLwhjjMoVdsqMMe+vCHSeEhEP+HSMQiNs2ISEyiEol3pCU68YlPFCIUp0jFE0qxiljM4v6uqMUuelFgAumHGMdIxjKa8YxoTKMa18jGNrrxjXCMoxznSMc62vGOeMyjHvfIxz768Y+ADKQgB0nINoaxkIhMpCIXychGOvKRkIykJCdJyUrK8ZCWzKQmN8nJTnryk6AMpSgpiclRmvKUqEylKlfJyla6sh+
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf6633-5e18-4ccb-88ed-bdd602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:42:59.000Z" ,
"modified" : "2018-03-31T10:42:59.000Z" ,
"description" : "One thing we noticed right away is that all the samples we collected attempted to download a jar file from https://vvrhhhnaijyj6s2m[.]onion[dot]top. We followed the onion link and found it is a service hosted by QUAverse." ,
"pattern" : "[url:value = 'https://vvrhhhnaijyj6s2m.onion.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:42:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5abf66b8-94b4-4306-bc6b-9b3a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:45:12.000Z" ,
"modified" : "2018-03-31T10:45:12.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Support Tool\""
] ,
"x_misp_category" : "Support Tool" ,
"x_misp_comment" : "Config of jRAT" ,
"x_misp_type" : "text" ,
"x_misp_value" : "{\r\n\t\"NETWORK\": [\r\n\t\t{\r\n\t\t\t\"PORT\": 1999,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PORT\": 4987,\r\n\t\t\t\"DNS\": \"174.127.99.225\"\r\n\t\t}\r\n\t],\r\n\t\"INSTALL\": true,\r\n\t\"MODULE_PATH\": \"taM/Xkc/WE.xFP\",\r\n\t\"PLUGIN_FOLDER\": \"cHvEFmnnAYl\",\r\n\t\"JRE_FOLDER\": \"syeyIK\",\r\n\t\"JAR_FOLDER\": \"WEAvkYONVeS\",\r\n\t\"JAR_EXTENSION\": \"OSTZIm\",\r\n\t\"ENCRYPT_KEY\": \"gGgQBEKfxHgELZmseiHwZkjdB\",\r\n\t\"DELAY_INSTALL\": 2,\r\n\t\"NICKNAME\": \"User\",\r\n\t\"VMWARE\": false,\r\n\t\"PLUGIN_EXTENSION\": \"oCYYC\",\r\n\t\"WEBSITE_PROJECT\": \"https://jrat.io\",\r\n\t\"JAR_NAME\": \"dzjQhyXWvSo\",\r\n\t\"SECURITY\": [\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=\\\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SaveZoneInformation\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Attachments]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"LowRiskFileTypes\\\"=-\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\Associations]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Open-File Security Warning\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Environment]\"\r\n\t\t\t\t},\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"SEE_MASK_NOZONECHECKS\\\"=\\\"1\\\"\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\\Environment]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Disable Zone Checking\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"ConsentPromptBehaviorAdmin\\\"=dword:00000000\\r\\n\\\"ConsentPromptBehaviorUser\\\"=dword:00000000\\r\\n\\\"EnableLUA\\\"=dword:00000000\\r\\n\\\"PromptOnSecureDesktop\\\"=dword:00000000\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"UserAccountControlSettings.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"User Account Control\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableTaskMgr\\\"=dword:00000002\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_CURRENT_USER\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Policies\\\\System]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"Taskmgr.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Task Manager\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"REG\": [\r\n\t\t\t\t{\r\n\t\t\t\t\t\"VALUE\": \"\\\"DisableConfig\\\"=dword:00000001\\r\\n\\\"DisableSR\\\"=dword:00000001\\r\\n\",\r\n\t\t\t\t\t\"KEY\": \"[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows NT\\\\SystemRestore]\"\r\n\t\t\t\t}\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Restore System\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"ProcessHacker.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Process Hacker\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"procexp.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"MsConfig\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"PROCESS\": [\r\n\t\t\t\t\"MSASCui.exe\",\r\n\t\t\t\t\"MsMpEng.exe\",\r\n\t\t\t\t\"MpUXSrv.exe\",\r\n\t\t\t\t\"MpCmdRun.exe\",\r\n\t\t\t\t\"NisSrv.exe\",\r\n\t\t\t\t\"ConfigSecurityPolicy.exe\"\r\n\t\t\t],\r\n\t\t\t\"NAME\": \"Windows Defender\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\" P R O
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf66e1-b310-4869-bcf2-bca202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:45:53.000Z" ,
"modified" : "2018-03-31T10:45:53.000Z" ,
"description" : "On port 1999" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.127.99.225' AND network-traffic:dst_port = '1999']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:45:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5abf66e2-5c9c-4390-ba87-bca202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:45:54.000Z" ,
"modified" : "2018-03-31T10:45:54.000Z" ,
"description" : "On port 4987" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.127.99.225' AND network-traffic:dst_port = '4987']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:45:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst|port\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5abf66fd-8984-4e4c-9b22-bdd602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:46:21.000Z" ,
"modified" : "2018-03-31T10:46:21.000Z" ,
"first_observed" : "2018-03-31T10:46:21Z" ,
"last_observed" : "2018-03-31T10:46:21Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5abf66fd-8984-4e4c-9b22-bdd602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5abf66fd-8984-4e4c-9b22-bdd602de0b81" ,
"value" : "https://pastebin.com/raw/PvKLJAWP"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--9f8377a2-614a-4c95-b23c-9843916ce750" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:19.000Z" ,
"modified" : "2018-03-31T10:36:19.000Z" ,
"pattern" : "[file:hashes.MD5 = '2f021a10804ac5db5ceb43b42f785a23' AND file:hashes.SHA1 = 'edcbc508c19118f11daac029020f2a55f5cdc115' AND file:hashes.SHA256 = 'a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--4887e799-a946-45b9-b17d-829e83965fb8" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:18.000Z" ,
"modified" : "2018-03-31T10:36:18.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a42909490789d8ceb0c62f3a8cfd8d9d6e94d4e4199c4d31dffb6a2b36a67771/analysis/1522272575/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a2-60b8-4859-8de4-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/60" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a2-1e6c-4181-bf62-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-28T21:29:35" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a2-300c-4d8e-93e1-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--506f740b-a199-4f1e-b7ba-67e253b26d05" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:22.000Z" ,
"modified" : "2018-03-31T10:36:22.000Z" ,
"pattern" : "[file:hashes.MD5 = 'ae77ffba57049418e5a720bf77d178a5' AND file:hashes.SHA1 = 'ff179cd437f2e4b93758adbe77e19e34610074ec' AND file:hashes.SHA256 = 'eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--19044ae8-56c6-4576-b6d2-67ea8f010aa1" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:20.000Z" ,
"modified" : "2018-03-31T10:36:20.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/eb42177017e06ac8afc21f8d3b713417bf25da0f3de678a52625cf9f6bf5a050/analysis/1522335324/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a4-4468-4e18-9d35-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/59" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a5-7660-4946-bbb2-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-29T14:55:24" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a5-0124-4e58-a6dd-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--ebbafa48-355a-4f73-9227-d05329f24cb7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:24.000Z" ,
"modified" : "2018-03-31T10:36:24.000Z" ,
"pattern" : "[file:hashes.MD5 = '6392741705126cb97a837cbb046cfe73' AND file:hashes.SHA1 = '54b13ce9069beee3cd0a2ffe3bb404d5d92144ed' AND file:hashes.SHA256 = 'aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--fc2df7b7-772d-4ad1-97fb-be696f3a14d2" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:22.000Z" ,
"modified" : "2018-03-31T10:36:22.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/aefe7a967c92cb76af1defac59d88a2d57d0c6526c94f782ac0e19935be1e30c/analysis/1522121609/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a7-1990-458d-a62d-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "30/59" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a7-7ba0-45e3-9966-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-27T03:33:29" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a7-98c0-4d7e-9346-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--bf58b01a-22fa-49d9-82b7-e3bfad752bd0" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:26.000Z" ,
"modified" : "2018-03-31T10:36:26.000Z" ,
"pattern" : "[file:hashes.MD5 = '64d72c5c86d3638034cd83178abcb82f' AND file:hashes.SHA1 = 'cf1f9dba740778df3bea9a7903b030aa9b916d90' AND file:hashes.SHA256 = '7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c9dec079-cde4-4d06-ac74-b79ef362ad00" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:25.000Z" ,
"modified" : "2018-03-31T10:36:25.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/7aff36d38eaad0bd01d04c71dbafa4e637008be17e06397c9191826671be4964/analysis/1522274126/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64a9-d1d4-49a9-8a98-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "26/49" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64aa-f510-47f9-9a22-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-28T21:55:26" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64aa-e2d8-4be0-a606-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--4496c403-6bc9-4d06-9f90-c56776eaaa02" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:29.000Z" ,
"modified" : "2018-03-31T10:36:29.000Z" ,
"pattern" : "[file:hashes.MD5 = '1eb3f344a0274bfa38c67f6b10650dcf' AND file:hashes.SHA1 = 'a495a93bec5e5cd234dc13c680e15a5e331d19b1' AND file:hashes.SHA256 = '8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--faaf775c-f3bc-4c06-986d-0eda27ef4706" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:27.000Z" ,
"modified" : "2018-03-31T10:36:27.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8e4e858584704d7df6b0c3221a2b1d169f072e40aec0cc74340dbe4b6b15e60f/analysis/1522335418/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64ab-d81c-4d74-b375-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/59" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64ac-ea60-4fcb-95bf-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-29T14:56:58" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64ac-6abc-4be2-a17a-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--e063f17d-444d-4129-ae42-2a5fe0de69cc" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:31.000Z" ,
"modified" : "2018-03-31T10:36:31.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c52247ecffb2f7a42ef6fa0336671545' AND file:hashes.SHA1 = '82822da7d5cf63fd472895c389d0a7e8a9e698c7' AND file:hashes.SHA256 = '8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--c825cfef-d1db-481f-a382-9735dd1720cb" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:30.000Z" ,
"modified" : "2018-03-31T10:36:30.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/8ab8abba46e9b64ce27b03a25dabd69706bf90e2ebede22b211a2da37676ce55/analysis/1522276988/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64ae-d24c-44f7-a725-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "31/60" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64ae-332c-4626-86e2-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-28T22:43:08" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64ae-8c44-4904-b8c6-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--45b7f55b-64f2-4363-807a-aa68041fb61b" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:34.000Z" ,
"modified" : "2018-03-31T10:36:34.000Z" ,
"pattern" : "[file:hashes.MD5 = 'daa0833d16cd9b6937803d1637284ad1' AND file:hashes.SHA1 = 'ae7a6b6235a4d827cef54152bca237a30cff9f1e' AND file:hashes.SHA256 = '445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--92284358-1b21-472b-9385-89fb4fa7e8ef" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:32.000Z" ,
"modified" : "2018-03-31T10:36:32.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/445a73d4dc4c76b73d35233b2bfba3ee178eb2605def1542c2267375db1ee24c/analysis/1522142541/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64b0-3598-45c7-a58c-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "33/59" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64b1-43c4-4ce3-9e6c-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-27T09:22:21" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64b1-50c0-46e8-b52d-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--7eebf218-879f-46fc-a3cc-d636fd99abe7" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
"pattern" : "[file:hashes.MD5 = '8ae2c573bc0e0492efeabe78495c591e' AND file:hashes.SHA1 = '3fd3e9a0b0e9cfceccbc0fef6eb19da2e066bc6e' AND file:hashes.SHA256 = 'a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-03-31T10:36:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e91e2a7b-10e6-4190-9b38-817b7eced5b9" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-03-31T10:36:34.000Z" ,
"modified" : "2018-03-31T10:36:34.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/a0c261c86f3e46f1b6ccd5bc8f706ffe77ff70528ca7961fd8fbd6529a1be993/analysis/1522275361/" ,
"category" : "External analysis" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64b2-c0d8-4443-8392-4fee02de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "29/59" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64b3-3f1c-4128-bddf-4fee02de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-03-28T22:16:01" ,
"category" : "Other" ,
"comment" : "Analyzed samples" ,
"uuid" : "5abf64b3-f7e0-4ada-bc17-4fee02de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--cad2cc20-add4-41c4-b6cb-ae9229745791" ,
"created" : "2018-03-31T10:36:35.000Z" ,
"modified" : "2018-03-31T10:36:35.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--9f8377a2-614a-4c95-b23c-9843916ce750" ,
"target_ref" : "x-misp-object--4887e799-a946-45b9-b17d-829e83965fb8"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--10281790-e604-4b30-b47a-34c51108daf5" ,
"created" : "2018-03-31T10:36:35.000Z" ,
"modified" : "2018-03-31T10:36:35.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--506f740b-a199-4f1e-b7ba-67e253b26d05" ,
"target_ref" : "x-misp-object--19044ae8-56c6-4576-b6d2-67ea8f010aa1"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a8c37c4b-0987-4d0c-9819-b5d153e61671" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--ebbafa48-355a-4f73-9227-d05329f24cb7" ,
"target_ref" : "x-misp-object--fc2df7b7-772d-4ad1-97fb-be696f3a14d2"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--e4c187c5-5cd0-4760-91e1-feb1ef64bfc3" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--bf58b01a-22fa-49d9-82b7-e3bfad752bd0" ,
"target_ref" : "x-misp-object--c9dec079-cde4-4d06-ac74-b79ef362ad00"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--acec2e68-3fb1-41f1-970f-67ca368e0076" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--4496c403-6bc9-4d06-9f90-c56776eaaa02" ,
"target_ref" : "x-misp-object--faaf775c-f3bc-4c06-986d-0eda27ef4706"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--26f314fe-04ba-4602-b9b2-e4c21473bd9a" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--e063f17d-444d-4129-ae42-2a5fe0de69cc" ,
"target_ref" : "x-misp-object--c825cfef-d1db-481f-a382-9735dd1720cb"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--a983e84a-b8f1-4138-a6fa-c84bcd919de3" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--45b7f55b-64f2-4363-807a-aa68041fb61b" ,
"target_ref" : "x-misp-object--92284358-1b21-472b-9385-89fb4fa7e8ef"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--6427899a-cc6d-4ebe-a88a-1f260ce3fe18" ,
"created" : "2018-03-31T10:36:36.000Z" ,
"modified" : "2018-03-31T10:36:36.000Z" ,
2023-04-21 13:25:09 +00:00
"relationship_type" : "analysed-with" ,
2023-06-14 17:31:25 +00:00
"source_ref" : "indicator--7eebf218-879f-46fc-a3cc-d636fd99abe7" ,
"target_ref" : "x-misp-object--e91e2a7b-10e6-4190-9b38-817b7eced5b9"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}